Overview

overview

10

Static

static

8

enjoin,12.27.2021.doc

windows7_x64

10

enjoin,12.27.2021.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    enjoin,12.27.2021.doc

  • Size

    77KB

  • Sample

    211231-m85kasfchr

  • MD5

    7044bd240219ec2f83b01c532e2ce5ba

  • SHA1

    745cdbc4a826c5960eef3f4a9aa307ff94e4b7fb

  • SHA256

    ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0

  • SHA512

    8467fc9f63711c8fa460f1f35d42b6528c6e285799d9a19630696dd3a12e24799370eaa6d53e075e60d579a3b4ecef035cf62aac6a1bc96130b392c3931882ee

Score
10/10
icedid2507181075bankermacromacro_on_actionsuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

2507181075

C2

vopnoz.com

Targets

    • Target

      enjoin,12.27.2021.doc

    • Size

      77KB

    • MD5

      7044bd240219ec2f83b01c532e2ce5ba

    • SHA1

      745cdbc4a826c5960eef3f4a9aa307ff94e4b7fb

    • SHA256

      ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0

    • SHA512

      8467fc9f63711c8fa460f1f35d42b6528c6e285799d9a19630696dd3a12e24799370eaa6d53e075e60d579a3b4ecef035cf62aac6a1bc96130b392c3931882ee

    Score
    10/10
    icedid2507181075bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks