Overview

overview

10

Static

static

dictate.01...20.doc

windows7_x64

10

dictate.01...20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dictate.010.20.2020.doc

  • Size

    144KB

  • Sample

    201020-bavcydj87e

  • MD5

    8b6e51316d0f4438405703d6fc80572d

  • SHA1

    c108cceafff48747c2bccb263e67c4210e03e56b

  • SHA256

    0214ea69e74d09448990947bdef6b00f106cf4ff823be33b347b41861bbfed3d

  • SHA512

    b8db1ea3914fae31c04177486cd895f8d24e5e27f0f8f8f252db4ec42ea4bedaba689965550b41aa90bf512d066183cecad2b46df8f1ce308b59659ae62b3cca

Score
10/10
icedid1949629567bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1949629567

Targets

    • Target

      dictate.010.20.2020.doc

    • Size

      144KB

    • MD5

      8b6e51316d0f4438405703d6fc80572d

    • SHA1

      c108cceafff48747c2bccb263e67c4210e03e56b

    • SHA256

      0214ea69e74d09448990947bdef6b00f106cf4ff823be33b347b41861bbfed3d

    • SHA512

      b8db1ea3914fae31c04177486cd895f8d24e5e27f0f8f8f252db4ec42ea4bedaba689965550b41aa90bf512d066183cecad2b46df8f1ce308b59659ae62b3cca

    Score
    10/10
    icedid1949629567bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks