icedid | 4e2985f816d8030cd490e4d8c06356fc236c08410ec40677f0dfa26e4d08a701 | Triage

Sharing

General

Target

JaffaCakes118_4e2985f816d8030cd490e4d8c06356fc236c08410ec40677f0dfa26e4d08a701
Size

362KB
Sample

241222-p9v4csypd1
MD5

0b5951c2ed90ea5c0171490edeb32b93
SHA1

0b3e7cb821c6845f72f2c6f61b3d3f463d1becd2
SHA256

4e2985f816d8030cd490e4d8c06356fc236c08410ec40677f0dfa26e4d08a701
SHA512

30186d76bd05a2aba68175d9f810afe5ed4db2629da0b7288fddfc876e3dcaee9f2bfa21d217254edf6ad12a5f29177764057fd35c763ebd44a581080604a998
SSDEEP

6144:MCHOdzMdSC81UujxPmIhjPWuCege7ZxqCG7xOwVZW8xbCQ+v2kA8:jszC81fjxH5Wu7ZIXpxbwDA8

Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

nnelforwfin.top

lakogrefop.rest

hangetilin.top

essaipienure.space

Attributes

auth_var
6
url_path
/posts/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core/asthma-x64.tmp
- Size
  
  73KB
- MD5
  
  71db9df9cb24b947a8f8ea8c0ecb5676
- SHA1
  
  28b4c7204fa870a3fa525dbbcbaa07a60dac9ab7
- SHA256
  
  df8b256a1a49a7d6b997adc8d4aac93f29c24d0a76520a0b08b6944b71d4022d
- SHA512
  
  dd9267635f48b5b79891ecbe96e568cedc6f79fcaf9d7b1619ad10cc8e86958561086991b305e34d42fb15d2f5db083a86920da468a6811934f2ade9d0abc80e
- SSDEEP
  
  1536:LxHA+2l2hwkynMDv/vXRErZOKyhNHMt0v3ooBxaq7tSVq:LxHA+2l2hwk4MzvRErZ/yh5ML6
Score

10^/10

icedid 1217670233 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  core/cmd.bat
- Size
  
  193B
- MD5
  
  3a381435fb992cd5ae34c6e84ea6d409
- SHA1
  
  941e0ee20e5c1fef2f76833d3b060491da17bef0
- SHA256
  
  4373f87735a69af9812956a8821a3fccac5aa3a6cd0a832973b03da9573a787a
- SHA512
  
  ba4e0c6fcb543978542294084442a0fe964ec0f093e68814548bcfa93447d82d8a7f232c232380ea051289f81173da0876dee640deafa7bdc83ced2ac02aacfa
Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1217670233bankercore_loadertrojan

behavioral2

icedid1217670233bankercore_loadertrojan

behavioral3

icedid1217670233bankercore_loadercore_payloadtrojan

behavioral4

icedid1217670233bankercore_loadercore_payloadtrojan