Overview

overview

10

Static

static

8

5e6f7611_b...is.doc

windows7_x64

10

5e6f7611_b...is.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e6f7611_by_Libranalysis

  • Size

    46KB

  • Sample

    210512-eerj67n8m6

  • MD5

    5e6f7611a06e85b75cfee330aa78f24d

  • SHA1

    a5185fda51374567ae666cea5ef582befd789572

  • SHA256

    1deea8182d2de797c52dd703c864f3b6f44a3a8cb0e8af389062884c928c5f29

  • SHA512

    fee01b8a7e674c9d1369f5803cd05985961a07277e5ada40692836ad567ce714788dca1dfca598c348c6d73688e18e488d6b5c6b4fb63cb21bd1fdcb8408f26d

Score
10/10
icedid2857955836bankermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

2857955836

C2

tyretclaster.club

Targets

    • Target

      5e6f7611_by_Libranalysis

    • Size

      46KB

    • MD5

      5e6f7611a06e85b75cfee330aa78f24d

    • SHA1

      a5185fda51374567ae666cea5ef582befd789572

    • SHA256

      1deea8182d2de797c52dd703c864f3b6f44a3a8cb0e8af389062884c928c5f29

    • SHA512

      fee01b8a7e674c9d1369f5803cd05985961a07277e5ada40692836ad567ce714788dca1dfca598c348c6d73688e18e488d6b5c6b4fb63cb21bd1fdcb8408f26d

    Score
    10/10
    icedid2857955836bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks