icedid | 6f749e35d7f70c86a5d27784a89170a854bae0cfcf5e8d6c2208c815dc1211d7 | Triage

Sharing

General

Target

JaffaCakes118_6f749e35d7f70c86a5d27784a89170a854bae0cfcf5e8d6c2208c815dc1211d7
Size

128KB
Sample

241223-rs27fsskhj
MD5

e8f7d072b2404fd0f4c28cde44ca2fa4
SHA1

7efe870515b8f18bfd4287d0379be8d52d77bc0c
SHA256

6f749e35d7f70c86a5d27784a89170a854bae0cfcf5e8d6c2208c815dc1211d7
SHA512

e3ecf8aafbc881a269ffe6fe4ef27d4eb864dbae3f8b630343df361c28e5ca8dd114d0a73748ad79c97766bd4c82498ed434140356f2315c542110e8a3953b12
SSDEEP

3072:SpTGJHueaqoMl5WyH1nGqufyIVABBgHkIXL8F:SpsH2qXzWyVGkISBiH9QF

Score

10^/10

icedid 4253634279 banker discovery loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

4253634279

C2

saygoodbauy.cyou

lastsallways.cyou

foreversuccess.cyou

budnisjopper.cyou

Attributes

auth_var
4
url_path
/audio/

Targets

- Target
  
  3a7141ec999f7e30f9741a95d881fa47ad848439952b27d05e412318bccdc963
- Size
  
  216KB
- MD5
  
  c9a4c9f7ead1968956f3b186596a6ce3
- SHA1
  
  27f566355c2fa7d960c4aecaa9421141d423df26
- SHA256
  
  3a7141ec999f7e30f9741a95d881fa47ad848439952b27d05e412318bccdc963
- SHA512
  
  470c2980d45ac39a477344ed2c78b685bc99ed2666da14cebbcd06237e24115cda3dd8232b8ff01bca6d9ae5a1dc78953c720c3e9febf69cb9e36439b9960961
- SSDEEP
  
  3072:YsP7XhcYMTl8Wf+muWNgZjQaQHQRrvPKNe+BFtr2YdOJ7ATUYAgs/wZ1Z8iFZ:X7X4apmuW2ZtK/Ftr2XJSVAj/wZHDL
Score

10^/10

icedid banker discovery loader trojan 4253634279
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- IcedID Second Stage Loader
  loader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedid4253634279bankerdiscoveryloadertrojan