icedid | 570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180 | Triage

Sharing

General

Target

JaffaCakes118_570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180
Size

458KB
Sample

241223-rrcv6ssjgv
MD5

3cbbb7d2ea4bb95aab6c4de5c55089d1
SHA1

c81cbb504fe502d829ee221ff57942c9c3029861
SHA256

570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180
SHA512

d40c8f404d8b87f3d1c5e077a0137e9be7eb54b4c9d02ebb3e98c56509f864a73aeb8e24e64196b2cb010e99e0efe56317dd81ff318900aea6d05fabbd7a0fbf
SSDEEP

12288:ufBBtfewdahbO29W/BTmvZuDflxdwqs8a6DX:ufBBtfAL9WJTmSdwqRZ

Score

10^/10

icedid 2406015698 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

2406015698

C2

commamimubebe.site

asredetyr.site

aszepolityu.fun

likoportio.fun

Attributes

auth_var
6
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  clutch-32.tmp
- Size
  
  214KB
- MD5
  
  1bd7e5d2547d9f2a1c3369bf136b2239
- SHA1
  
  8a3ad35a9623d602d205cd064866fd078ca8dd15
- SHA256
  
  15665c61af4e12f8b6cae1568969ebe0811c29f7236dee1a8f3700d85f61b2ca
- SHA512
  
  178e758f534da7f23e12a37f05b29670321a3c731484368400ea740f3ab30e7777bd81d49b182b134a02f2d10fab31c3cea7d0f92690cb4cf60b5a59f6ab5850
- SSDEEP
  
  6144:B+wQOknBMD7p9SyAUTGweo+sDyR5G+/TPChqZ5rJfyW8ENbe:IwQ6/pERU+Qy6+/DCkZ59Xb
Score

10^/10

icedid 2406015698 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  core.bat
- Size
  
  123B
- MD5
  
  7ed83700f1db2f30269d8d7aab15fc38
- SHA1
  
  787f6c843d5b41562baceeb67d1dea686f0891eb
- SHA256
  
  2db50c09350bd707c6cd1c413f15f5360b8a9cd9145caafa07bffe29d1c6ea51
- SHA512
  
  974202b6def2cc1463452384c94f2d3d562115b7e571170f128197bd6600fffdd73feb4381bd3a647d9f473d88b15838d10e733539b009bd2d29fd2ec257d3f4
Score

10^/10

icedid 2406015698 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2406015698bankercore_loadertrojan

behavioral2

icedid2406015698bankercore_loadertrojan

behavioral3

icedid2406015698bankercore_loadercore_payloadtrojan

behavioral4

icedid2406015698bankercore_loadercore_payloadtrojan