Overview

overview

10

Static

static

deed contr...20.doc

windows7_x64

10

deed contr...20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    deed contract.12.20.doc

  • Size

    95KB

  • Sample

    201214-7vjprst1ra

  • MD5

    2978b0f5ac8aa0ae57c07945f3688bf4

  • SHA1

    8668a15c75e4d372f59fe80fc5a48985ecedccec

  • SHA256

    1036fe653636af27b30a541d77d2d13f96fc373abd6100e36dc13a35e4c80532

  • SHA512

    e8ee0f7f8ff3e7cd5774bef94d874011de9bdb2bf2cc4a105a525b0f4f7cc4fffe37a0b17efbbe13e4cd3505fe2b6a99a8f85d923de4e9aa4e13aeab6434b864

Score
10/10
icedidbankertrojan

Malware Config

Targets

    • Target

      deed contract.12.20.doc

    • Size

      95KB

    • MD5

      2978b0f5ac8aa0ae57c07945f3688bf4

    • SHA1

      8668a15c75e4d372f59fe80fc5a48985ecedccec

    • SHA256

      1036fe653636af27b30a541d77d2d13f96fc373abd6100e36dc13a35e4c80532

    • SHA512

      e8ee0f7f8ff3e7cd5774bef94d874011de9bdb2bf2cc4a105a525b0f4f7cc4fffe37a0b17efbbe13e4cd3505fe2b6a99a8f85d923de4e9aa4e13aeab6434b864

    Score
    10/10
    icedidbankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks