Overview

overview

10

Static

static

files.12.20.doc

windows7_x64

10

files.12.20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    files.12.20.doc

  • Size

    76KB

  • Sample

    201207-7xzbkybtz6

  • MD5

    277c10ae03a3921e32a583433bf9da1b

  • SHA1

    a3dd37ef2a327ab4b835c493bc25ca720837af23

  • SHA256

    2016bab0c36eafaba9a47f2872310f48613e055492bb7b450ce807cec8ed0a53

  • SHA512

    a48caa5d129eb97779483e84e2fe2f6cb07caea7e239e1a2216b9eaf67ce427c6ba475f7e92907b2d12884281f95775e8ed684ae5c769a9bb1a71690e52ded5b

Score
10/10
icedidbankertrojan

Malware Config

Targets

    • Target

      files.12.20.doc

    • Size

      76KB

    • MD5

      277c10ae03a3921e32a583433bf9da1b

    • SHA1

      a3dd37ef2a327ab4b835c493bc25ca720837af23

    • SHA256

      2016bab0c36eafaba9a47f2872310f48613e055492bb7b450ce807cec8ed0a53

    • SHA512

      a48caa5d129eb97779483e84e2fe2f6cb07caea7e239e1a2216b9eaf67ce427c6ba475f7e92907b2d12884281f95775e8ed684ae5c769a9bb1a71690e52ded5b

    Score
    10/10
    icedidbankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks