General

  • Target: 0cd4919a_by_Libranalysis
  • Size: 76KB
  • Sample: 210505-xn5gvqt7bx
  • MD5: 0cd4919a4b60e0d941b865d1dc479e7f
  • SHA1: e89b0550749e2f36a4415dfa6c371429de096e06
  • SHA256: 51f20415064147e3eeed504a3c53c5850150840896e91bdfc815cfafd2e5679c
  • SHA512: 3c6ae61a68156b73185970716b9c9fd75ebe6f97cf1e8b5244ed73265c4a11433728af7bc6961ba87ca4502f92b9dbea8a9e1540953402797e19765f4134361d

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1386562008
  • C2: zasertiokil.top

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks