Overview

overview

10

Static

static

8

08d30d6646...c0.xls

windows7_x64

10

08d30d6646...c0.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5873b2932ca2d24cf6fc82511aa40ba100936e15ed93cfe729a08bebfc2c819

  • Size

    32KB

  • Sample

    220417-3ey4esfhh7

  • MD5

    99cb2c3015c0ecdd78dfa45de2e6909c

  • SHA1

    6e770e9940d4b9611fe7585d565fab8868758972

  • SHA256

    b5873b2932ca2d24cf6fc82511aa40ba100936e15ed93cfe729a08bebfc2c819

  • SHA512

    7e99043833d6ff01ce1519d4a8e982a39e1730a69eded9218158b38d0c9a85a066465b50d11928f375bb627ff951938ed5872684d9342d97e3c24700e98d862f

Score
10/10
icedid2493865931bankerloadermacromacro_on_actiontrojan

Malware Config

Extracted

Family

icedid

Campaign

2493865931

C2

ertimadifa.com

Targets

    • Target

      08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0.xls

    • Size

      32KB

    • MD5

      3aa6bf4ed8c485717d767013d43f7cdb

    • SHA1

      83ea9a8627819a7ba2ecad058f22e7f697256bc0

    • SHA256

      08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0

    • SHA512

      db51c36533565f35b535fa4696a8992c2b1fa15cf93fb129c3ec740a394b6bff3cf43355e172c017f8ed762d99a73f2d157a0fb797cd827a228db39195652a5b

    Score
    10/10
    icedid2493865931bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks