icedid | bd364fb3af74caaf238a09544392c50318876dfb43496b2a81877ebde76b275e | Triage

Sharing

General

Target

JaffaCakes118_bd364fb3af74caaf238a09544392c50318876dfb43496b2a81877ebde76b275e
Size

342KB
Sample

241222-ye2r4awrht
MD5

23b45c2e86e7cd98654d3d976299fdf1
SHA1

4c9fc1e8f014e3682b41492b7cd09cafac4a219c
SHA256

bd364fb3af74caaf238a09544392c50318876dfb43496b2a81877ebde76b275e
SHA512

eaa4ef6e9f94e0af73943da4ce17c54fb78a3e852d182dcf05d7c17a2182b85f4f921adc45585c9d3ac2db2f5a96e38c073cf62555736c8981dea7010f11c89b
SSDEEP

6144:L8mWsUpV4IC9XWh8qdbhwDK2MFMSIVDRBTfSrwkpTrQ4:L8mWsQV4l9gLhwDK2MK/V9BT8wAfQ4

Score

10^/10

icedid 4221486031 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

gladmitter.com

Attributes

auth_var
3
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core/cmd.bat
- Size
  
  191B
- MD5
  
  9ebdcb3350524d80cff6a688c1c581a7
- SHA1
  
  efa710ad4ab3e8740c5d87ee01331a2d46ff5a9f
- SHA256
  
  6056a971ae6dcf1c7ca49a8fa845964ab9885033bf528fce7e079a9cce82da22
- SHA512
  
  762690b7fab657ba1cf69dda5a7e602b4055cfc42fc75cdb9c7c286c8abb8c8d92a7ef15af8f9a861a84be8e83bcbfd1861979d7f51ba6805beb8dd8a76e714c
Score

10^/10

icedid 4221486031 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  core/syrupx64.dat
- Size
  
  31KB
- MD5
  
  051c37b2a61be7d6423f6bb0e903de24
- SHA1
  
  7ad50ed7e25b7a00416fd988e4785095a37cb534
- SHA256
  
  65f7d007aec8c9a9e7dec1e1a4325762a57d701209bdc42f219dbf93803ef238
- SHA512
  
  4c16feca4e3e2a6281b12902fd2e7c1d975fd9a666598e1e6dc65fae813f364e7f58543301cef3ab3961d3a43c369bce50903ce6e48a74acb211f1e70c164ab3
- SSDEEP
  
  384:91fb0lSeiERRupSiTIOCq70HvydSeAcCSenPjSeCq8QoKQNzecf:91T0UwirE7HKcDyi+Dx1em
Score

10^/10

icedid 4221486031 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid4221486031bankercore_loadercore_payloadtrojan

behavioral2

icedid4221486031bankercore_loadercore_payloadtrojan

behavioral3

icedid4221486031bankercore_loadertrojan

behavioral4

icedid4221486031bankercore_loadertrojan