icedid | 663d90c8fd825d445dfa80bd92bd33ae5b19a44788ff3996762f48a9e783ba6c | Triage

Sharing

General

Target

JaffaCakes118_663d90c8fd825d445dfa80bd92bd33ae5b19a44788ff3996762f48a9e783ba6c
Size

578KB
Sample

241222-lvt1zatndk
MD5

e8522c5af19251381b6d383330173f73
SHA1

ab68c5ef8d9d0f2ccd49a15a5d2f3808dd309f76
SHA256

663d90c8fd825d445dfa80bd92bd33ae5b19a44788ff3996762f48a9e783ba6c
SHA512

1c639b308bf55f42c6b706bebc49defd2fae19ebee739c6b534f7b70504d78200b1b692763deb76f01f186e1f9750e112d14fa87b40d5e7df98270b532a3c3e5
SSDEEP

12288:3WYQ9HY96DaOgXV+xytrDtdGZMi1BnmAmOv1H2i4Xal:mYhk+NXVltrDIn1Bbv1W5al

Score

10^/10

icedid 3494996616 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

3494996616

C2

holniakea.com

lhaerty.com

grandtexen.com

flourmat.com

Attributes

auth_var
13
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  182B
- MD5
  
  8f83ce721517e2f12a86ac5ced66d1f2
- SHA1
  
  ca212f7c0f76adad3d4827d477eba6f7fbe74466
- SHA256
  
  bd35badac2604c62981ae658096799944713cddc7b1770cfc9da8cfa73b1908e
- SHA512
  
  13a4e534d2e6b3927516a32524dcad4ce07f580ac8819b6567158dacf50c0f1a1c3136b6c7c56031eb16991467c8c61b9334c7a987a7bac144181f98dad07e6c
Score

10^/10

icedid 3494996616 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  winkx64.dat
- Size
  
  511KB
- MD5
  
  ee8c568d054c55f49ede1a36b54c5744
- SHA1
  
  3021748cefea0c24ca1f40038ca7a02ae69f9c9a
- SHA256
  
  93676744987176413c480f4f4af9a7f3d2daeee84983f53bc49967dadd9a4dcd
- SHA512
  
  1c39954f7e2300bc04eadf74c455f611b4081015f1c6c0cf74f5b2a3f01cf41579c0215ea33dde4315a4cc33bf21b882afa8806566137f8b14e690045a9fe1b2
- SSDEEP
  
  6144:nwKoALI4wCq2KW55hSysVF0VZ0Xk/3wqD4LHIzWPzCgiTuAmfXmVvohOiSscACB5:yPCq2KWsX0VQkoqD4tPramfmozJ9e5
Score

10^/10

icedid 3494996616 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3494996616bankercore_loadercore_payloadtrojan

behavioral2

icedid3494996616bankercore_loadercore_payloadtrojan

behavioral3

icedid3494996616bankercore_loadertrojan

behavioral4

icedid3494996616bankercore_loadertrojan