Severity
Medium
Analysis Summary
IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe
Impact
- Stealing financial information
- Exposure of sensitive data
Indicators of Compromise
MD5
- 14163f9e8a6d5f456d71618775831750
- 89bee605f4b726bb0fccb378c22d02cd
- c1440ec09eab1f20bc3a19bf9896ce15
- 36f662b3c9a54c0c2427602f1463eb69
- 2afcb892c0114000ef9664e45d1aea15
- d6b3278ea67cd6b78735d244d1ff2c96
- 4330492598c516c9cf0fd23c3ea4fd14
- 683c6508947097200a43fcab51809582
SHA-256
- 8bc8ba7d002713b6ec2d912d68f6b74eae11f001a6200cda12a0e0f170a23356
- 1d4ecd52ab85b7f5229f00ee10d438286e361d4c304000abca8b3dcbe1d7c720
- b6998a7d616d36dc5700957d025b9abeca6d3d6eb74f770a88f448dffbd16ce7
- d836a03e0b7eeabbc971de7d3e6fcc11bf06e13e633d11118c7429b3abb3c4ed
- d004a793d71800e6358a7dc5322b8bc226739828bb9dfe8d2f62387412670d70
- 24e82dbb33057c2b62ea809e5cd162c6440071da8c498feba79b7db0e3bf0d92
- d09206af70338dcd9a16ecdbae1705f8364ad9b40d4e28d8b8ef32ad302a7353
- 392af20cd2fbfcee0fbc03a986c32158a58e50cf6fd24abef54d4390f960eb0a
SHA-1
- 80e537fafeb089db02f25adcd20f45d555f10431
- de676173aa2a7b9de8a4631f70b4ded25f2b41ae
- 470644d33ef232e789507a01df81a5bf3352871b
- 7e46615097282ac51ef08d3e4ac7d65ce6684a07
- b6f0dd26ffce6dd5cd74779cdd61b208ed0a6414
- 0628f84a9ff1b70d0ee93693e509da3cf7cd92f5
- c144152ef9b1ac38728380c6492ddb393c1b7304
- 3ab8d565a5ecb6e81997ba84c2ce168f257bcb8f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment