Overview

overview

10

Static

static

material.12.20.doc

windows7_x64

10

material.12.20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    material.12.20.doc

  • Size

    95KB

  • Sample

    201214-ejkcgzbce6

  • MD5

    e781b7a68e2b0837930a931fd20d0778

  • SHA1

    ae7ace6543f4be34bf9a0e159c32e1b159a12119

  • SHA256

    6b798509b2854bcadfa6d1a22d4478cc45a204a810930937969c935032c7d09e

  • SHA512

    dc81b36b97757a8d227112d897f3aed582556fd12470a11acf3d72c0e1ad4f23ea8f300d54593750b3c857c3be68c10c7f13450dd927b7c7ad2072334b2c2dd9

Score
10/10
icedidbankertrojan

Malware Config

Targets

    • Target

      material.12.20.doc

    • Size

      95KB

    • MD5

      e781b7a68e2b0837930a931fd20d0778

    • SHA1

      ae7ace6543f4be34bf9a0e159c32e1b159a12119

    • SHA256

      6b798509b2854bcadfa6d1a22d4478cc45a204a810930937969c935032c7d09e

    • SHA512

      dc81b36b97757a8d227112d897f3aed582556fd12470a11acf3d72c0e1ad4f23ea8f300d54593750b3c857c3be68c10c7f13450dd927b7c7ad2072334b2c2dd9

    Score
    10/10
    icedidbankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks