Overview

overview

10

Static

static

ord_482.docm

windows7_x64

10

ord_482.docm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f865f53cb0f7c3f4824f9ec3b36228c15c94477344eae931ce8f594899bb632b

  • Size

    257KB

  • Sample

    220521-msl31sfeck

  • MD5

    7793ceb5048b3cbda3b017e67c4b733b

  • SHA1

    79f4e992b024ddf07d837262f0c5c78f447844c1

  • SHA256

    f865f53cb0f7c3f4824f9ec3b36228c15c94477344eae931ce8f594899bb632b

  • SHA512

    1cf4cee36c33f19ea01b29b05d22067c4751e937acbb5646f427249f9f8ad6011620e676d98b75e9e0c4ceed270026db4c6791ab65e55c4f51f8b94b37658b51

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

3chickens.pw

Targets

    • Target

      ord_482.doc

    • Size

      266KB

    • MD5

      bf61de5c8c5da0b79f0fccca3c4f5e04

    • SHA1

      ce568d2e8d9c1c86a8caf54bbaa85b80984b5cbe

    • SHA256

      eee5599e3d990a109e7346469d8739d184628192831144da80e69244ebdb19d0

    • SHA512

      a55fc8f2bc6cb96c730331a9bd4d5a46a86008f7ed0b09b5c587246a8a370dba01e0227926aa01ab590b3df1fb7662d48c5b2966a651d05a7fe32bc5208379e8

    Score
    10/10
    icedidbankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks