Overview

overview

10

Static

static

prescribe ...20.doc

windows7_x64

10

prescribe ...20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    prescribe -010.20.2020.doc

  • Size

    102KB

  • Sample

    201020-sh1xgaeml2

  • MD5

    21d971c4dae25216e0caf51431072a7a

  • SHA1

    e46920935500cdfc1d64597806a0cd9485a8435a

  • SHA256

    f5c3bc03dc3e7149e72828e94fbf85d530da390af10bbd73a76ca1e8c9af3c9c

  • SHA512

    367645cf23115f631b97585c6583fa185b39d3c6a773ce2a68cc5599a2d8db31c09e5b393161f38573c1d01e6e84203750aa406b536536fed81b9cd98861cb38

Score
10/10
icedid1949629567bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1949629567

Targets

    • Target

      prescribe -010.20.2020.doc

    • Size

      102KB

    • MD5

      21d971c4dae25216e0caf51431072a7a

    • SHA1

      e46920935500cdfc1d64597806a0cd9485a8435a

    • SHA256

      f5c3bc03dc3e7149e72828e94fbf85d530da390af10bbd73a76ca1e8c9af3c9c

    • SHA512

      367645cf23115f631b97585c6583fa185b39d3c6a773ce2a68cc5599a2d8db31c09e5b393161f38573c1d01e6e84203750aa406b536536fed81b9cd98861cb38

    Score
    10/10
    icedid1949629567bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks