Overview

overview

10

Static

static

8

require_12...21.doc

windows7_x64

10

require_12...21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Info.zip

  • Size

    43KB

  • Sample

    211202-vmvrzadgf7

  • MD5

    94afaf43eaba5546fa0a3080be483e9a

  • SHA1

    2dbda6657aca1b6f00d8fe50a29fa277fed75662

  • SHA256

    c24b20ace41ccedd3e3fadd93317876f12dab84aa99820a054a07f609a826903

  • SHA512

    b8240d437bf463e5742a0136596f8b4c78ceb5d3558b88a39ff253fd508f967c0128cb2861eb2d78e257444ec44adcce44ea974eb9b33aa0b5147cca2710d971

Score
10/10
icedid1892568649bankermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets

    • Target

      require_12.02.2021.doc

    • Size

      33KB

    • MD5

      ea2a3a6ee2019332ec68976de398b745

    • SHA1

      94eac84bab3b429867d14ef38342f756cf8de6c6

    • SHA256

      2d56acca994825021827c79404d6670601063151a17367c4087002bbb83b26bf

    • SHA512

      b258e55cecdb12161753f57936fe10325c89f22f0b0f8e982b0205e78dc9fd9afc9f1fc49844a8c08a019d922e3cce43321c300315a3b89e596134bf88ebdbd4

    Score
    10/10
    icedid1892568649bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks