icedid | abc7fb1438538421c54f5edc027bcd1eea5c7a1aa533adcf7598d92ba6d8b907 | Triage

Sharing

General

Target

JaffaCakes118_abc7fb1438538421c54f5edc027bcd1eea5c7a1aa533adcf7598d92ba6d8b907
Size

351KB
Sample

241222-lbxmrasqen
MD5

d832388fbf3a69313702f93250ef2f1a
SHA1

e6c90255321e6771f4535a5039e6466437f7c334
SHA256

abc7fb1438538421c54f5edc027bcd1eea5c7a1aa533adcf7598d92ba6d8b907
SHA512

545a947a5a603b9d0f7890d7f6b8b4c4a91537ca5712761c3999a63ad7bd1ef946de3f27dc1fce3e534bffce3b4f03c0df3e38e9a0b6bf2432c9ebdf94b817fa
SSDEEP

6144:zWYQ9HnHu8wB2viJ/6YsRaOgMqqs+dgkSt+32VGuqe/pN1TpH79M0lsGLi1hoSQ/:zWYQ9HY96DaOgXV+xytrDtdGZMi1y

Score

10^/10

icedid 3026272684 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

3026272684

C2

hashingold.top

asperuguz.store

loppidoaster.site

hisbacteriu.top

Attributes

auth_var
7
url_path
/posts/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  3cd73b67eab978afec111b6a80a02b4d
- SHA1
  
  fc5e249d262563cebba991ac51b547f945c75aeb
- SHA256
  
  86c891454dabdee0b63b2a9e4e621e1f179b62be2bfddcf23e2f29180cb99c19
- SHA512
  
  abfeb27a780be75769be9854bd3e7cc311dbf4ef22633d7d1e3454dca3e9ff5e6c28473b80b543ab096bce140cf49c112066961b5b23c6a7c8ba92bc6098e5d9
Score

10^/10

icedid 3026272684 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  mule-x32.tmp
- Size
  
  115KB
- MD5
  
  5cfa729ab0d745d465e1a706ec2c00c2
- SHA1
  
  6eb2e7bc1e5cf1bfb90a3733c486a6680ee69c47
- SHA256
  
  7aff2c54185cf6cc1bb85807517ad18c5441c8e7e93663b79c6bc35b91142337
- SHA512
  
  fd69c5e18e09e9518f7c025ead3a2930e506a6ee73fd948e1923d1b3897ada5b6c8e2d63e743d07e25d805b9df7a2d2c915794048942b1fcc1f057a97e0deabe
- SSDEEP
  
  1536:ANEonq8nKHAQnjUKxMmnwng/MmEs/qTy9Cj3/2GwBpFiTXTK2EEQ:wAx//MmEs/qTy9Cj3/2GwBpFiTKyQ
Score

10^/10

icedid 3026272684 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3026272684bankercore_loadercore_payloadtrojan

behavioral2

icedid3026272684bankercore_loadercore_payloadtrojan

behavioral3

icedid3026272684bankercore_loadertrojan

behavioral4

icedid3026272684bankercore_loadertrojan