Overview

overview

10

Static

static

8

Purchaseco...6.xlsm

windows7_x64

10

Purchaseco...6.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchaseconfirmation-137606.xlsm

  • Size

    185KB

  • Sample

    210706-l6kp5et2c6

  • MD5

    732851906622ca3c151360bdfda8b3f2

  • SHA1

    8a365e71a0fc1f1ae38faef239ab085001b5f83f

  • SHA256

    89aabd4ab6b696b3e9f74a04f27c4bc12f90b3a30855a403767ed525baec1736

  • SHA512

    418e1d04b0e5d11296554ecd0c9cfaf6cf414a416cea3088c15ee5c01baa304c7315d1688b2782627bcd791ae00b8c8757c48bf4afee6faaa79929980c4a8a34

Score
10/10
icedid3565085024bankermacrotrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://thousandsyears.download/div/44376,8555986111.jpg
xlm40.dropper

http://voopeople.fun/div/44376,8555986111.jpg
xlm40.dropper

http://uppercilio.fun/div/44376,8555986111.jpg

Extracted

Family

icedid

Campaign

3565085024

C2

astrocycle.download

Targets

    • Target

      Purchaseconfirmation-137606.xlsm

    • Size

      185KB

    • MD5

      732851906622ca3c151360bdfda8b3f2

    • SHA1

      8a365e71a0fc1f1ae38faef239ab085001b5f83f

    • SHA256

      89aabd4ab6b696b3e9f74a04f27c4bc12f90b3a30855a403767ed525baec1736

    • SHA512

      418e1d04b0e5d11296554ecd0c9cfaf6cf414a416cea3088c15ee5c01baa304c7315d1688b2782627bcd791ae00b8c8757c48bf4afee6faaa79929980c4a8a34

    Score
    10/10
    icedid3565085024bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks