Overview

overview

10

Static

static

dictate.12.20.doc

windows7_x64

10

dictate.12.20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dictate.12.20.doc

  • Size

    80KB

  • Sample

    201218-z3hw22fnwa

  • MD5

    62c50cfe2bf091d4467d173269013bc1

  • SHA1

    3aa44d53b3f6a7e819aef69f11f5f3bd7c9c76e1

  • SHA256

    30739a63f06056178c395aea513686a49652ed9cb7f81c4baabee6cd8f950c9f

  • SHA512

    c86444b42e7633ac05f349fa363de6e0537579cf86aff4158737a32f7298f6b7ee7eeaabc1d628f576facef0c2541a1150c6adce3d4e773b31a132006933c20e

Score
10/10
icedidbankertrojan

Malware Config

Targets

    • Target

      dictate.12.20.doc

    • Size

      80KB

    • MD5

      62c50cfe2bf091d4467d173269013bc1

    • SHA1

      3aa44d53b3f6a7e819aef69f11f5f3bd7c9c76e1

    • SHA256

      30739a63f06056178c395aea513686a49652ed9cb7f81c4baabee6cd8f950c9f

    • SHA512

      c86444b42e7633ac05f349fa363de6e0537579cf86aff4158737a32f7298f6b7ee7eeaabc1d628f576facef0c2541a1150c6adce3d4e773b31a132006933c20e

    Score
    10/10
    icedidbankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks