enjoin,12.27.2021.doc

General

Target    enjoin,12.27.2021.doc
Size      77KB
Sample    211231-m85kasfchr
Score     10/10
MD5       7044bd240219ec2f83b01c532e2ce5ba
SHA1      745cdbc4a826c5960eef3f4a9aa307ff94e4b7fb
SHA256    ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0
SHA512    8467fc9f63711c8fa460f1f35d42b6528c6e285799d9a19630696dd3a12e24799370eaa6d53e075e60d579a3b4ecef035cf62aac6a1bc96130b392c3931882ee

Malware Config

Extracted
Family    icedid
Campaign  2507181075
C2        vopnoz.com
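
Before acting on this report, confirm that the file in hand really is this sample (all four digests, not just one) and sweep DNS logs for the extracted C2 domain, matching subdomains but not look-alike names. The following is an added example, not the sandbox's own code: the hash values and the domain are copied from the report above; the file bytes, the DNS log lines and their format are constructed assumptions.

```python
import hashlib

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "7044bd240219ec2f83b01c532e2ce5ba",
    "sha1": "745cdbc4a826c5960eef3f4a9aa307ff94e4b7fb",
    "sha256": "ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0",
    "sha512": "8467fc9f63711c8fa460f1f35d42b6528c6e285799d9a19630696dd3a12e24799370eaa6d53e075e60d579a3b4ecef035cf62aac6a1bc96130b392c3931882ee",
}
# C2 domain from the extracted config.
C2_DOMAINS = {"vopnoz.com"}


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result. Only trust the report for a file that matches on
    every digest; a partial match means a different (or truncated) file."""
    got = digests(data)
    return {alg: got[alg] == value.lower() for alg, value in expected.items()}


def is_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    return all(verify_sample(data, expected).values())


def domain_matches(qname: str, iocs=C2_DOMAINS) -> bool:
    """True for the IOC itself or any subdomain; 'notvopnoz.com' must not match."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in iocs)


def c2_hits(log_lines) -> list:
    """Return DNS log lines that queried a C2 domain.
    Assumed line format (constructed): '<timestamp> <client_ip> <qname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 3 and domain_matches(parts[2]):
            hits.append(line)
    return hits


# Constructed DNS log lines, not data from the report.
SAMPLE_DNS = [
    "2021-12-31T12:00:01Z 10.0.0.15 update.microsoft.com",
    "2021-12-31T12:00:07Z 10.0.0.15 vopnoz.com",
    "2021-12-31T12:00:09Z 10.0.0.15 cdn.vopnoz.com.",
    "2021-12-31T12:00:11Z 10.0.0.22 notvopnoz.com",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report:", verify_sample(fh.read()))
    for hit in c2_hits(SAMPLE_DNS):
        print("C2 lookup:", hit)
```

Run it with a path argument to check a file against the report's digests; the DNS sweep over the constructed lines flags the bare domain and the subdomain (trailing dot stripped) but not the look-alike.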

Signatures

  • IcedID, BokBot
    IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials; the extracted config above ties this sample to that family.

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro. For a .doc sample this points at the Office process that opened the document.

  • Suspicious use of NtCreateProcessExOtherParentProcess
    A process was created with a parent other than the caller (parent PID spoofing), which defeats detections that rely on the recorded parent/child relationship.

  • suricata: ET MALWARE Win32/IcedID Request Cookie
    Network traffic matched the Emerging Threats rule for IcedID's characteristic HTTP request cookie.

  • Blocklisted process makes network request

  • Downloads MZ/PE file
    A Windows executable was fetched over the network during the run.

  • Loads dropped DLL
    A DLL written to disk during the run was subsequently loaded.
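
The two behavioural signatures "Process spawned unexpected child process" and "Suspicious use of NtCreateProcessExOtherParentProcess" translate directly into detection logic over process-creation telemetry. The following is an added example, not code from the sandbox or its vendor: the event fields, the allowlist and the sample events are constructed assumptions, and the creator_pid field assumes telemetry that records which process actually called the create API rather than only the parent the new process reports.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Office hosts whose child processes deserve an alert (assumption; extend as needed).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children Office spawns legitimately in this environment (assumption: tune per fleet).
OFFICE_ALLOWED_CHILDREN = {"splwow64.exe"}


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record. Field names are assumptions, not a vendor schema."""
    pid: int
    image: str          # full path of the new process
    ppid: int           # parent PID as recorded for the new process
    parent_image: str   # image of that recorded parent
    creator_pid: int    # PID of the process that actually called the create API
                        # (assumes EDR/kernel telemetry that captures the caller)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_child_alerts(events: Iterable[ProcEvent]) -> List[Tuple[str, int, str]]:
    """Rule 1: an Office application spawned a child that is not on the allowlist."""
    alerts = []
    for ev in events:
        parent, child = _basename(ev.parent_image), _basename(ev.image)
        if parent in OFFICE_PARENTS and child not in OFFICE_ALLOWED_CHILDREN:
            alerts.append(("office_unexpected_child", ev.pid,
                           f"{parent} (pid {ev.ppid}) spawned {child}"))
    return alerts


def ppid_spoof_alerts(events: Iterable[ProcEvent]) -> List[Tuple[str, int, str]]:
    """Rule 2: the recorded parent is not the process that created the child.
    Windows lets a caller pick another parent (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,
    or NtCreateProcessEx with an explicit parent handle), which leaves rule 1 blind
    unless the real caller is also recorded."""
    alerts = []
    for ev in events:
        if ev.creator_pid != ev.ppid:
            alerts.append(("ppid_spoofing", ev.pid,
                           f"created by pid {ev.creator_pid} but parent recorded as "
                           f"pid {ev.ppid} ({_basename(ev.parent_image)})"))
    return alerts


def run_rules(events: List[ProcEvent]) -> List[Tuple[str, int, str]]:
    return office_child_alerts(events) + ppid_spoof_alerts(events)


WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed events, not telemetry from the report's run.
SAMPLE_EVENTS = [
    ProcEvent(200, WORD, 100, EXPLORER, 100),                          # user opens Word: benign
    ProcEvent(210, r"C:\Windows\splwow64.exe", 200, WORD, 200),        # allowlisted child
    ProcEvent(300, r"C:\Windows\System32\cmd.exe", 200, WORD, 200),    # rule 1 fires
    ProcEvent(400, r"C:\Windows\System32\rundll32.exe", 100, EXPLORER, 300),  # rule 2 fires
]

if __name__ == "__main__":
    for rule, pid, detail in run_rules(SAMPLE_EVENTS):
        print(f"[{rule}] pid {pid}: {detail}")
```

The fourth constructed event shows why rule 2 matters: the child is recorded under explorer.exe, so rule 1 never sees an Office parent, and only the mismatch between the recorded parent and the real creator exposes it.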

MITRE ATT&CK Matrix

No techniques are mapped in this report; only the tactic columns (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation) are present.

Tasks

static1       8/10
behavioral1   10/10