Description
IcedID is a banking trojan capable of stealing credentials.
General
Target
Size
Sample
charge_12.01.2021.doc
33KB
211202-ds2zssdgd5
Score
10/10
MD5
SHA1
SHA256
SHA512
18499830201cddade8183b8e24fdf30a
55c498cf7273cab567f49a00c15ca3316c001215
0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5
0a59ed2f3491bbd547d3ae543c6efcf965d1da65c02f900b09d6c75afd92dfc98c4182af7392b9d77b79cf0c17fe30d232449396a3a3be14c96b07ce7718928e
Malware Config
Extracted
| Family | icedid |
| Campaign | 1892568649 |
| C2 |
normyils.com |
Targets
Target
MD5
Filesize
charge_12.01.2021.doc
18499830201cddade8183b8e24fdf30a
33KB
Score
10/10
SHA1
SHA256
SHA512
55c498cf7273cab567f49a00c15ca3316c001215
0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5
0a59ed2f3491bbd547d3ae543c6efcf965d1da65c02f900b09d6c75afd92dfc98c4182af7392b9d77b79cf0c17fe30d232449396a3a3be14c96b07ce7718928e
Tags
Signatures
-
IcedID, BokBot
-
Process spawned unexpected child process
Description
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
8/10
behavioral1
Score
10/10
behavioral2
Score
10/10