Overview

overview

10

Static

static

request.docm

windows7-x64

10

request.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    request.doc

  • Size

    2.3MB

  • Sample

    220812-rt1p1sgeg5

  • MD5

    7c36ee4f6d8bbecf5270657d6740adef

  • SHA1

    1a9579f6534e0e2ad840c66f6db09d53d898be2d

  • SHA256

    c42cbaf9d2df31592ed81fa1f9e5df7a1741eea1b63c1d0396b0722ca7e5cd97

  • SHA512

    d1146583f4b02ec6e8ebb4395873d4e2fb1520c5c3987ed79c43d446a11b2e56cb451b603c3a3081749045b316cd22c4e9a920221d6e46897bad82718bd44903

Score
10/10
icedid3570055661bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3570055661

C2

alexbionka.com

Targets

    • Target

      request.doc

    • Size

      2.3MB

    • MD5

      7c36ee4f6d8bbecf5270657d6740adef

    • SHA1

      1a9579f6534e0e2ad840c66f6db09d53d898be2d

    • SHA256

      c42cbaf9d2df31592ed81fa1f9e5df7a1741eea1b63c1d0396b0722ca7e5cd97

    • SHA512

      d1146583f4b02ec6e8ebb4395873d4e2fb1520c5c3987ed79c43d446a11b2e56cb451b603c3a3081749045b316cd22c4e9a920221d6e46897bad82718bd44903

    Score
    10/10
    icedid3570055661bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks