Overview

overview

10

Static

static

8

6a2284c4_b...is.doc

windows7_x64

10

6a2284c4_b...is.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6a2284c4_by_Libranalysis

  • Size

    79KB

  • Sample

    210505-5s8hmxnnh6

  • MD5

    6a2284c46a3161595bb897a30a050a07

  • SHA1

    43835ffc5825b34a8dedd24df716cbdd783fec80

  • SHA256

    66cd58060e69d133acc2b9ffec752d8461a528ede47ec07f56bdafa5992cea4b

  • SHA512

    e5bd62449f9e3488fe8fcd6b64e7409b33ef5f0569b8610f23efe8c25dfbcace4e82866b530473e5438d567552e3e446e24c31ebd0d092c9ae943f144643eae0

Score
10/10
icedid2925066312bankermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

2925066312

C2

barcafokliresd.top

Targets

    • Target

      6a2284c4_by_Libranalysis

    • Size

      79KB

    • MD5

      6a2284c46a3161595bb897a30a050a07

    • SHA1

      43835ffc5825b34a8dedd24df716cbdd783fec80

    • SHA256

      66cd58060e69d133acc2b9ffec752d8461a528ede47ec07f56bdafa5992cea4b

    • SHA512

      e5bd62449f9e3488fe8fcd6b64e7409b33ef5f0569b8610f23efe8c25dfbcace4e82866b530473e5438d567552e3e446e24c31ebd0d092c9ae943f144643eae0

    Score
    10/10
    icedid2925066312bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks