Overview

overview

10

Static

static

document-328.rtf.docm

windows7-x64

10

document-328.rtf.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-328.rtf.zip

  • Size

    1.2MB

  • Sample

    220914-ynnltsehfr

  • MD5

    54552d080b7edbbbd2bfeadd5bd78550

  • SHA1

    8358d7af99b5921563c0ace1f4a641a638b63ef6

  • SHA256

    13f94d6c096f158b750821d0c70543f906fa0baa86a9feafa4217829f4c58736

  • SHA512

    263e7f89ee1560c2c24912655cddde31b7b7e8879ffcef014b346be9a8d2341a3883367a7cfb798a709da58faf8cd6a4542c6b6fa31bd70eddad80e7e12c139c

  • SSDEEP

    24576:COSE12Oo6wewLPhHI38vYbiMefcVKFCk0RbtJ8wVpaIeOmZKAIIy7nQnkd:COS96SLPhosvmSf+KCbcEsIyKAIznQkd

Score
10/10
icedid809191839bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

809191839

Extracted

Family

icedid

Campaign

809191839

C2

allozelkot.com

Targets

    • Target

      document-328.rtf.zip

    • Size

      1.2MB

    • MD5

      54552d080b7edbbbd2bfeadd5bd78550

    • SHA1

      8358d7af99b5921563c0ace1f4a641a638b63ef6

    • SHA256

      13f94d6c096f158b750821d0c70543f906fa0baa86a9feafa4217829f4c58736

    • SHA512

      263e7f89ee1560c2c24912655cddde31b7b7e8879ffcef014b346be9a8d2341a3883367a7cfb798a709da58faf8cd6a4542c6b6fa31bd70eddad80e7e12c139c

    • SSDEEP

      24576:COSE12Oo6wewLPhHI38vYbiMefcVKFCk0RbtJ8wVpaIeOmZKAIIy7nQnkd:COS96SLPhosvmSf+KCbcEsIyKAIznQkd

    Score
    10/10
    icedid809191839bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks