IcedID: When ice burns through bank accounts
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 25a461c2-9946-48e7-8d1d-ea6de67d7f8c |
| Fingerprint | be771d5b68b52095 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 29, 2020, midnight |
| Added to db | Aug. 30, 2024, 11:51 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | UNKNOWN |
| Title | IcedID: When ice burns through bank accounts |
| Detected Hints/Tags/Attributes | 99/3/44 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.group-ib.com/icedid |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 36 | ✔ | Blog Group-IB | https://blog.group-ib.com/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 13 | habr.com |
|
| Details | Domain | 295 | amazon.com |
|
| Details | Domain | 6 | sysopfb.github.io |
|
| Details | Domain | 47 | www.malware-traffic-analysis.net |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 1 | poloturtles.top |
|
| Details | Domain | 1 | robertogunez.xyz |
|
| Details | Domain | 1 | gotofresno.xyz |
|
| Details | Domain | 1 | fordthunderbirth.site |
|
| Details | Domain | 1 | luxcarlegend.top |
|
| Details | Domain | 1 | nicebirththunder.cloud |
|
| Details | Domain | 1 | totheocean.pw |
|
| Details | File | 3 | icedids-updated-photoloader.html |
|
| Details | File | 816 | index.html |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 1 | bot.ini |
|
| Details | File | 1 | olniyueu3.dll |
|
| Details | File | 62 | fodhelper.exe |
|
| Details | File | 34 | eventvwr.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 31 | microsoftedgecp.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 15 | mswsock.dll |
|
| Details | File | 2 | ssl3.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | md5 | 1 | c897c555d395627dedf7e9e91623f54c |
|
| Details | md5 | 1 | f89d448700de774c0b27762f327bd13f |
|
| Details | md5 | 1 | ca59e8c577f8476dce210bc51c8daf9a |
|
| Details | md5 | 1 | c7ebf2e9976f494355fee936749202a3 |
|
| Details | md5 | 1 | 589b2d1eff18b651f8344e6a40f6cecf |
|
| Details | md5 | 1 | 753a45bfeb6877c2d9d841824d8f59a8 |
|
| Details | md5 | 1 | 6A44BEFDED3DA2245EF3A78E396CE5E0 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | Url | 1 | https://habr.com/ru/company/group-ib/blog/418189 |
|
| Details | Url | 3 | https://sysopfb.github.io/malware,/icedid/2020/04/28/icedids-updated-photoloader.html |
|
| Details | Url | 2 | https://www.malware-traffic-analysis.net/2020/05/01/index.html |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/fowler |
|
| Details | Windows Registry Key | 9 | HKEY_CURRENT_USER\Software\Classes\CLSID |
|
| Details | Windows Registry Key | 582 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Classes\ms-settings\Shell\Open\command |
|
| Details | Windows Registry Key | 16 | HKCU\Software\Classes\mscfile\shell\open\command |