icedid | 6bdadb3e04b16759d56dd630002422a9d6da85beb1909feee5a99d14d5bbfb2a | Triage

Submit
Reports

Overview

overview

Static

static

300 seconds - Win. 10

windows10_x64

Sharing

General

Target

direct-12.08.2020.doc
Size

111KB
Sample

201208-ts3bqmj1gj
MD5

046593bb9cc87ad15cf59af9c1993f55
SHA1

cfbd3b7b82c3ebe22506b2f1375aacf134676c53
SHA256

6bdadb3e04b16759d56dd630002422a9d6da85beb1909feee5a99d14d5bbfb2a
SHA512

cc6a7adb13f62630f4a7198b4c81a4563962c01dd8e54b68dd8fc61df22d55c32047b74d9ed8fcfeadccacfc02f88d56732ab1e23167ceb1f529a0e691028b1a

Score

10^/10

icedid banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

direct-12.08.2020.doc

Resource

win10v20201028

icedid banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  direct-12.08.2020.doc
- Size
  
  111KB
- MD5
  
  046593bb9cc87ad15cf59af9c1993f55
- SHA1
  
  cfbd3b7b82c3ebe22506b2f1375aacf134676c53
- SHA256
  
  6bdadb3e04b16759d56dd630002422a9d6da85beb1909feee5a99d14d5bbfb2a
- SHA512
  
  cc6a7adb13f62630f4a7198b4c81a4563962c01dd8e54b68dd8fc61df22d55c32047b74d9ed8fcfeadccacfc02f88d56732ab1e23167ceb1f529a0e691028b1a
Score

10^/10

icedid banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedidbankertrojan

© 2018-2024

Terms | Privacy