General
Target

charge_12.01.2021.doc

Size

33KB

Sample

211202-ds2zssdgd5

Score
10/10
MD5

18499830201cddade8183b8e24fdf30a

SHA1

55c498cf7273cab567f49a00c15ca3316c001215

SHA256

0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5

SHA512

0a59ed2f3491bbd547d3ae543c6efcf965d1da65c02f900b09d6c75afd92dfc98c4182af7392b9d77b79cf0c17fe30d232449396a3a3be14c96b07ce7718928e

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets
Target

charge_12.01.2021.doc

MD5

18499830201cddade8183b8e24fdf30a

Filesize

33KB

Score
10/10
SHA1

55c498cf7273cab567f49a00c15ca3316c001215

SHA256

0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5

SHA512

0a59ed2f3491bbd547d3ae543c6efcf965d1da65c02f900b09d6c75afd92dfc98c4182af7392b9d77b79cf0c17fe30d232449396a3a3be14c96b07ce7718928e

Tags

Signatures

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

    Tags

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      Score
                      8/10

                      behavioral1

                      Score
                      10/10

                      behavioral2

                      Score
                      10/10