Overview

overview

10

Static

static

ord_758.docm

windows7_x64

10

ord_758.docm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d134e0bae735613ab6755c32dd4e11e6ce8122f863fac3e7d3e42c25bf72d5a7

  • Size

    229KB

  • Sample

    220521-ee2bsaccgm

  • MD5

    c1c5c655366f40e5ac0fe6a186b59f95

  • SHA1

    333ca09acd1e155ee2bb9cc52fa75aa8ec96e2a7

  • SHA256

    d134e0bae735613ab6755c32dd4e11e6ce8122f863fac3e7d3e42c25bf72d5a7

  • SHA512

    d1b60a7b5f0476b47d5e3014835d39b65e9459b24b7766787ddddac9c2628610ffdaabd7f4718ebef902a0172959ee5c89381569ca5a89c7606a442b4c63c27c

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

bividilli.xyz

Targets

    • Target

      ord_758.doc

    • Size

      278KB

    • MD5

      5b195d34bd601700f499d97a6aed4069

    • SHA1

      77995f57d2b831ec1f60d7cef1725ae9e62f4347

    • SHA256

      837f40c12fc476d81d0741da2ab0bc0ee5c9857fe9623f2dfa33fb9f9d20f6ce

    • SHA512

      7ee711e335cefe9b9c0af40dda6a276420448c7b0ad6ae4e764e827de50af8d7c5fa64d7444d4be645dedcc05860beef6378b97edc4936fa17f5affd2b1d4091

    Score
    10/10
    icedidbankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks