icedid | 65b208943d8cf82af902c39400bdd7a26fdbc94c23f9d4494cf0a2ca51233213

General

Target

Мобілізаційний реєстр.xls
Size

32KB
Sample

220414-ltbs1aahgp
MD5

9f33887a8e76c246753e71b896a904b3
SHA1

19fa96a6d69146fceef3f3804cd978ec24adb3eb
SHA256

65b208943d8cf82af902c39400bdd7a26fdbc94c23f9d4494cf0a2ca51233213
SHA512

a3a37f55c185aafeb728335ab54c378adbc5e1a11a3079f3af7d16f4e5635d183017d6fa1eb22f706df2eabaf6fc3864259ef51422b3e392843d2825ebe358e0

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

2352744503

C2

rivertimad.com

Targets

- Target
  
  Мобілізаційний реєстр.xls
- Size
  
  32KB
- MD5
  
  9f33887a8e76c246753e71b896a904b3
- SHA1
  
  19fa96a6d69146fceef3f3804cd978ec24adb3eb
- SHA256
  
  65b208943d8cf82af902c39400bdd7a26fdbc94c23f9d4494cf0a2ca51233213
- SHA512
  
  a3a37f55c185aafeb728335ab54c378adbc5e1a11a3079f3af7d16f4e5635d183017d6fa1eb22f706df2eabaf6fc3864259ef51422b3e392843d2825ebe358e0
Score

10^/10

icedid 2352744503 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

IcedID First Stage Loader

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2