icedid | 08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0 | Triage

Submit
Reports

Overview

overview

Static

static

8

Мобіл...к.xls

windows7_x64

Мобіл...к.xls

windows10-2004_x64

Resubmissions

15-04-2022 13:43

220415-q1fsrabhcr 10

15-04-2022 13:22

220415-qmkjsabael 10

Sharing

General

Target

Мобілізаційний список.xls
Size

32KB
Sample

220415-qmkjsabael
MD5

3aa6bf4ed8c485717d767013d43f7cdb
SHA1

83ea9a8627819a7ba2ecad058f22e7f697256bc0
SHA256

08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0
SHA512

db51c36533565f35b535fa4696a8992c2b1fa15cf93fb129c3ec740a394b6bff3cf43355e172c017f8ed762d99a73f2d157a0fb797cd827a228db39195652a5b

Score

10^/10

icedid 2493865931 banker loader macro macro_on_action suricata trojan

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

Мобілізаційний список.xls

Resource

win7-20220414-en

icedid 2493865931 banker loader suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Мобілізаційний список.xls

Resource

win10v2004-20220414-en

icedid 2493865931 banker loader suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Campaign

2493865931

C2

ertimadifa.com

Targets

- Target
  
  Мобілізаційний список.xls
- Size
  
  32KB
- MD5
  
  3aa6bf4ed8c485717d767013d43f7cdb
- SHA1
  
  83ea9a8627819a7ba2ecad058f22e7f697256bc0
- SHA256
  
  08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0
- SHA512
  
  db51c36533565f35b535fa4696a8992c2b1fa15cf93fb129c3ec740a394b6bff3cf43355e172c017f8ed762d99a73f2d157a0fb797cd827a228db39195652a5b
Score

10^/10

icedid 2493865931 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

icedid2493865931bankerloadersuricatatrojan

behavioral2

icedid2493865931bankerloadersuricatatrojan

© 2018-2024

Terms | Privacy