icedid | 9583faaa2b9f2e6210d7877602318ac9a620fc079662db679c6d02f47b0d17e0 | Triage

Sharing

General

Target

JaffaCakes118_9583faaa2b9f2e6210d7877602318ac9a620fc079662db679c6d02f47b0d17e0
Size

389KB
Sample

241222-zzhqdszkal
MD5

05eb3ee8bd60fb3419b18d0acdcbc35f
SHA1

acb9417fb41895a6ec966124863a050723b8634d
SHA256

9583faaa2b9f2e6210d7877602318ac9a620fc079662db679c6d02f47b0d17e0
SHA512

1cfc39172d2ae9d7fe4eabe2659ad9df7fd15ee228c2d1c6398e665b3cda907b0273b75768b1d629bffc3d15703151a835c0d0c7752e7784ec4a864a1e8c8daf
SSDEEP

6144:+WYQ9HnHu8wB2viJ/6YsRaOgMqqs+dgkSt+32VGuqe/pN1TpH79M0lsGLi1hoSQJ:+WYQ9HY96DaOgXV+xytrDtdGZMi1Ymon

Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  f6201911f3bd2a3919938b0b1ea87001
- SHA1
  
  f518b32411b5634a6d6b0d49f5a356291212e4de
- SHA256
  
  f4ff5b70fef8637130785d5f2a619ecf7d5cf3907500b9c465ae6f75ba05c41f
- SHA512
  
  161ce6586d060eb30e69c69da44635d8a4cb3922ea4cc7fc6adb7afdbbd7b434859de773200009cd5654d780d31d3dee39e9e4a040a2257c4d0e6e56f51e69a7
Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  false-64.tmp
- Size
  
  119KB
- MD5
  
  68f9ae07d149ab96cd3111e3cafd82c7
- SHA1
  
  7f3d516e1ce5b60f9ab0cfcdbd903b4fdbc05680
- SHA256
  
  02409f390f1c22afb54028c57c8c61d0ecdc609a4b59e1edcec15693dfe3d4d2
- SHA512
  
  3addc218c768224ce55c10fa91b603e7f6190ef068665ed42ee818088231649e4f1170837b491a5c2abe4f3e3e8984b7f0f7c1e5572731c77242a2a773b4fadb
- SSDEEP
  
  1536:y0YQOiboI9FEcpGOQ/Wf/dymU/Jcjqef2YQmUuFx1mdBLA4yz8YNKJlxH8L5vSwD:y0YQOIoifHQ/YdAcaRQM8DvT
Score

10^/10

icedid 1892568649 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral2

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral3

icedid1892568649bankercore_loadertrojan

behavioral4

icedid1892568649bankercore_loadertrojan