Overview

overview

10

Static

static

specifics,...20.doc

windows7_x64

10

specifics,...20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    specifics,12.16.2020.doc

  • Size

    92KB

  • Sample

    201217-xjflh84rzj

  • MD5

    ddf0d9e3d86f7542de8f619f00a7725a

  • SHA1

    082ba5b236a3b9a0ae5d8d6a070c3e764792e7f2

  • SHA256

    7561a0f5134bf3dbaa34d09f2a20dc01057626e74d7df42072bef06d6bd6ee95

  • SHA512

    7daf04c544334ba04c7f0e2b6654fee58ecf85cc4dabd42d9237a72d4d0beb833c4d72dfff9cc2f957b8eb6c68d18dcf4b24d919ca11ee88e24224619301c3d7

Score
10/10
icedidbankertrojan

Malware Config

Targets

    • Target

      specifics,12.16.2020.doc

    • Size

      92KB

    • MD5

      ddf0d9e3d86f7542de8f619f00a7725a

    • SHA1

      082ba5b236a3b9a0ae5d8d6a070c3e764792e7f2

    • SHA256

      7561a0f5134bf3dbaa34d09f2a20dc01057626e74d7df42072bef06d6bd6ee95

    • SHA512

      7daf04c544334ba04c7f0e2b6654fee58ecf85cc4dabd42d9237a72d4d0beb833c4d72dfff9cc2f957b8eb6c68d18dcf4b24d919ca11ee88e24224619301c3d7

    Score
    10/10
    icedidbankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks