Overview

overview

10

Static

static

8

55899fecd5...d1.doc

windows7_x64

10

55899fecd5...d1.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55899fecd54be0645f470734aa8b7a280a82cdd1.doc

  • Size

    33KB

  • Sample

    211201-p343pacbcp

  • MD5

    864702abb4f17ba0e9fcd2601453e899

  • SHA1

    55899fecd54be0645f470734aa8b7a280a82cdd1

  • SHA256

    152fb47b5b828fd1a76f8d5956e91cecab10b21d16cad4a6864f427d373d031d

  • SHA512

    eff513399f913c3f0a3917ab4ea3ed4519c56ec2f858f13ee24296ba4bd99910a18751b3ace1c65abd45a12d5d1acf67495b16e2b105f1b96f750d5499ee3f5e

Score
10/10
icedid1892568649bankermacrosuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets

    • Target

      55899fecd54be0645f470734aa8b7a280a82cdd1.doc

    • Size

      33KB

    • MD5

      864702abb4f17ba0e9fcd2601453e899

    • SHA1

      55899fecd54be0645f470734aa8b7a280a82cdd1

    • SHA256

      152fb47b5b828fd1a76f8d5956e91cecab10b21d16cad4a6864f427d373d031d

    • SHA512

      eff513399f913c3f0a3917ab4ea3ed4519c56ec2f858f13ee24296ba4bd99910a18751b3ace1c65abd45a12d5d1acf67495b16e2b105f1b96f750d5499ee3f5e

    Score
    10/10
    icedid1892568649bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks