icedid | 9085c7119d7a03c90c220455e25ec2f614bf6a2f3887865e216ce26c105d299b | Triage

Sharing

General

Target

JaffaCakes118_9085c7119d7a03c90c220455e25ec2f614bf6a2f3887865e216ce26c105d299b
Size

658KB
Sample

241222-n6c8psxnhn
MD5

5e65abb2d583947e9abaee97392dc643
SHA1

b4b28234693a8901d72fc95f00b06c2f08fc6478
SHA256

9085c7119d7a03c90c220455e25ec2f614bf6a2f3887865e216ce26c105d299b
SHA512

35947ac142a5515defdf941d41a069cd63df99ed5054facfde40471ff4108e6905f86031bc662d15d7f3b583a647a7a481ba6e41300a2f8ebd7cca445fcc3539
SSDEEP

12288:sK14b4389a83V0osG9Uddv3iS3GDDnc77T2F20egyV4HtE4sbB7sHyXaH:f4bJ9a8l0BG9UhWPnk2FvyVStk75w

Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core/cmd.bat
- Size
  
  192B
- MD5
  
  ac0f914288f8731b7122b83f1c7ffb2a
- SHA1
  
  bc3fd58cf4b1688f0eaf1937924e7ab9e41bc7ee
- SHA256
  
  d297edf3654a1e495d7a681f085bbb481b701efd2f05dbb07e5e2822da256473
- SHA512
  
  5ad6962ad11432e826652fe0df13f6db76b93be34f59bcf2064d901a9e5e4e63b792d0e2b7a067eea51d8d3034e03cdae60a3281622a2f33d45860981f67d5db
Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  core/rewardx64.dat
- Size
  
  1.1MB
- MD5
  
  dee045f7acc05c9515d7b8f13fe30c20
- SHA1
  
  3b126d36af1dc4cbbedb10c609e8c04bb0eb80b9
- SHA256
  
  e67f36dfccd09fab712fdf03fb9441997006663e52deb30bcb8b4c7f1cea68c5
- SHA512
  
  22b01630ba589876dc464890a8549ebeb751d04b93e40968a03ae47a971c264ad279a4574a53ec5ba3d3752711e77807450fe3c8dd744617a86c2216f8a95f2f
- SSDEEP
  
  12288:5SsSmIVXBo9Oa1K8J/+UoBSXsIvdbc/PS2hRI:5tSjVXBz2uUXlc/Pt/I
Score

10^/10

icedid 1892568649 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral2

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral3

icedid1892568649bankercore_loadertrojan

behavioral4

icedid1892568649bankercore_loadertrojan