Overview

overview

10

Static

static

8

deed contr...21.doc

windows7_x64

10

deed contr...21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    deed contract 12.15.2021.doc

  • Size

    42KB

  • Sample

    211215-qrtm9ahef3

  • MD5

    5743e3edb2bf64fe08e5e9a6ea24cd7e

  • SHA1

    4bd0151fa9520c9886f7d7a250596687b52bfa81

  • SHA256

    f604ca55de802f334064610d65e23890ab81906cdac3f8a5c7c25126176289c8

  • SHA512

    8728257bd9a6d3fc252b3fa56ece7b6b81f7ac9608327cf7984600ffb277ac3ba9ebe0bc10bca5b2267a9cf1e9025aea95309efcfb05db6e3f381454ff1296a7

Score
10/10
icedid1694525507bankermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

1694525507

C2

firenicatrible.com

Targets

    • Target

      deed contract 12.15.2021.doc

    • Size

      42KB

    • MD5

      5743e3edb2bf64fe08e5e9a6ea24cd7e

    • SHA1

      4bd0151fa9520c9886f7d7a250596687b52bfa81

    • SHA256

      f604ca55de802f334064610d65e23890ab81906cdac3f8a5c7c25126176289c8

    • SHA512

      8728257bd9a6d3fc252b3fa56ece7b6b81f7ac9608327cf7984600ffb277ac3ba9ebe0bc10bca5b2267a9cf1e9025aea95309efcfb05db6e3f381454ff1296a7

    Score
    10/10
    icedid1694525507bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks