icedid | 2a469601228e95defe50092a2dde56bd0a6ea62ff8162653094c9d41f7ab95a4 | Triage

Sharing

General

Target

JaffaCakes118_2a469601228e95defe50092a2dde56bd0a6ea62ff8162653094c9d41f7ab95a4
Size

206KB
Sample

241222-jzq4rs1jcr
MD5

11d335ba207582c5e2790f7907181a17
SHA1

a9eb4ae2b5c9064c5a01363cfba2359fa48f5aef
SHA256

2a469601228e95defe50092a2dde56bd0a6ea62ff8162653094c9d41f7ab95a4
SHA512

904dcbd3a7ae2ff1f7c06b6cc9c791339d903dfdfaceb9dd97685c092edd9122ec5c8560273044d0228898f0e0350fd24b98d628d56cfaee51962c2ffa113e51
SSDEEP

6144:X9qV+W9TaVnWrikfNP97L5eLxuloO/OIc3O/IFp:Xyr9TRri4NpVWBRIivn

Score

10^/10

icedid 3585208491 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3585208491

C2

bredofenction.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  a70b3ec4c53ae4755365ac54d9ee05ec
- SHA1
  
  2d991fc5b373182b537300b93329eaee13d2294e
- SHA256
  
  2fe44042cfc6602b43204e38bcbc2773d1e4f87be6aa16073625bc1b33af6877
- SHA512
  
  57de536a0b7c3ab74aa7480195341a3214162790869cfaede1917558fffb48023206eb68fb0a29d46c2eb720357f70bfe43a4d6a379f19a16f1ab34e28178050
Score

10^/10

icedid 3585208491 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  sol3nia.dll
- Size
  
  355KB
- MD5
  
  88789ba7f00909005b2fe18ce83dbf58
- SHA1
  
  08ffb813d1d7544380aa1b0e41703207451e1def
- SHA256
  
  00dcc4642d488643856259cd3c576d9e24045b48783fc21ebdccd5fb4de66f8c
- SHA512
  
  c78f79bd27a535e2efc1a133bfe92048dc3a77e9b9e6ef0aebab6403835fb585771c4da14493a1bf81a72e0f8340a5db81964e8852b4a3e8d0f9232985cd3478
- SSDEEP
  
  6144:vi6CAPF0IVqcbMQmJU+GkJXzgNLyKTknXKVp5/yQLGG/z2mpS8PUzdJd:HCEqcbMQCU+n9zgNOKTRp59jimY8PW
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3585208491bankerloadertrojan

behavioral2

icedid3585208491bankerloadertrojan

behavioral3

behavioral4