Overview

overview

10

Static

static

8

statistics...21.doc

windows7_x64

10

statistics...21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    statistics 12.02.21.doc

  • Size

    33KB

  • Sample

    211202-rdvttscee7

  • MD5

    d0c52ca636c75558a9960b9460f3bb7d

  • SHA1

    892c54f1552e79b3b4194654b12d6294c95f0688

  • SHA256

    25025b6b0a8ef05dbfe14c1bd171afc55ed723d135df3ae59abaa39fabc0ea10

  • SHA512

    3e2a9bfd2a21e43a97818b8ddb033a1fb2fcd88a3aed6a490428369e7b5b2ca2f86beb034531a8dc9742de81492e25f198c55d3ec2526828b417b19511b9ab36

Score
10/10
icedid1892568649bankermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets

    • Target

      statistics 12.02.21.doc

    • Size

      33KB

    • MD5

      d0c52ca636c75558a9960b9460f3bb7d

    • SHA1

      892c54f1552e79b3b4194654b12d6294c95f0688

    • SHA256

      25025b6b0a8ef05dbfe14c1bd171afc55ed723d135df3ae59abaa39fabc0ea10

    • SHA512

      3e2a9bfd2a21e43a97818b8ddb033a1fb2fcd88a3aed6a490428369e7b5b2ca2f86beb034531a8dc9742de81492e25f198c55d3ec2526828b417b19511b9ab36

    Score
    10/10
    icedid1892568649bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks