icedid | d92ebf6aa709e0b057754ad6ace896f899a4e38948cb9cad1474f1cdbca61035 | Triage

Submit
Reports

Overview

overview

Static

static

8

3cdbae4639...5d.doc

windows7_x64

3cdbae4639...5d.doc

windows10_x64

Resubmissions

17-05-2021 10:59

210517-kcce3f4rts 10

12-05-2021 20:31

210512-1xg8d2asge 10

Sharing

General

Target

4794801993842688.zip
Size

39KB
Sample

210512-1xg8d2asge
MD5

20abc82cd5e361cbbe4edec371539776
SHA1

b303a9f031a2a9936328333c5f95ba25b7d869a3
SHA256

d92ebf6aa709e0b057754ad6ace896f899a4e38948cb9cad1474f1cdbca61035
SHA512

2f29416584ed3d2e711db2f948d5d65cb01669916aa253379bed805740208fbed0ac936363e7c347ab2e5f4eae8595e09899d977692b44e5dc7a46d2870a3ac8

Score

10^/10

icedid 2857955836 banker macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

3cdbae46394cd70b74ec9969b270f223ae78f770013cbec0839935eb28a08b5d.doc

Resource

win7v20210410

icedid 2857955836 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3cdbae46394cd70b74ec9969b270f223ae78f770013cbec0839935eb28a08b5d.doc

Resource

win10v20210410

icedid 2857955836 banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Campaign

2857955836

C2

wasthuliok.live

Targets

- Target
  
  3cdbae46394cd70b74ec9969b270f223ae78f770013cbec0839935eb28a08b5d
- Size
  
  46KB
- MD5
  
  344d2afca5777152574ebe8cb649dfdb
- SHA1
  
  0a03be8ab6013f35a26640bfda308c3a942f870e
- SHA256
  
  3cdbae46394cd70b74ec9969b270f223ae78f770013cbec0839935eb28a08b5d
- SHA512
  
  f4f408b05590bf603ac7a736f86c66f4a5b6ee37375596ce6023276c7d72bc500f34ca43a3292e123948c6f4fde3f33657c2919c1605e2153b5341afa992e709
Score

10^/10

icedid 2857955836 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2857955836bankertrojan

behavioral2

icedid2857955836bankertrojan

© 2018-2024

Terms | Privacy