General

  • Target

    7e06cdff2b667d8748bc8822ef11173cd7a66c5a52d2d2fbaf78c92a94c5f69c

  • Size

    1.2MB

  • Sample

    220915-pnw4jaggdj

  • MD5

    a2f269e07c4e4be9e7d295bd34331146

  • SHA1

    573a2862f0b067f503bd53cda70add0a5f5930c3

  • SHA256

    7e06cdff2b667d8748bc8822ef11173cd7a66c5a52d2d2fbaf78c92a94c5f69c

  • SHA512

    c0e72213109984c07556341732a56f2b7e0925252112c60170c770f4151446995398a42bd36c112bd63a0ad0b1e635fc4d3ddd9d04838717f4c87c9d15bfd214

  • SSDEEP

    24576:CItkpZd/G2Oo6wewLPhHI38vYbiMefcVKFCk0RbtJ8wVpaIeOmZKAIIy7nQlj:CCo6SLPhosvmSf+KCbcEsIyKAIznGj

Malware Config

Extracted

Family

icedid

Campaign

809191839

C2

allozelkot.com
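The indicators above (file hashes and the C2 domain) are the part of this report a responder actually acts on. The following script is an added example, not part of the sandbox output: it takes the hashes and domain listed in this report and sweeps local files and DNS query logs for them. The log format (BIND-style "query:" lines) and the sample log lines are constructed for the demonstration; hash and domain values are copied from the report.

```python
"""IOC sweep for this report's indicators.

Added example, not part of the sandbox report. The BIND-style query-log
format and the sample lines below are constructed assumptions.
"""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "a2f269e07c4e4be9e7d295bd34331146",
    "sha1": "573a2862f0b067f503bd53cda70add0a5f5930c3",
    "sha256": "7e06cdff2b667d8748bc8822ef11173cd7a66c5a52d2d2fbaf78c92a94c5f69c",
    "sha512": "c0e72213109984c07556341732a56f2b7e0925252112c60170c770f4151446995398a42bd36c112bd63a0ad0b1e635fc4d3ddd9d04838717f4c87c9d15bfd214",
}
IOC_DOMAINS = {"allozelkot.com"}


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same four digests for a file on disk, computed in one pass over chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """Algorithms for which the computed digest equals the report's value."""
    return sorted(name for name, value in digests.items()
                  if IOC_HASHES.get(name) == value.lower())


def domain_matches(hostname, blocklist=IOC_DOMAINS):
    """True if hostname is an IOC domain or any subdomain of one.

    The suffix check is anchored on a dot, so 'notallozelkot.com' is not a
    hit while 'cdn.allozelkot.com' is.
    """
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


# Assumed log format: BIND-style query log, e.g.
#   client 10.0.0.5#53211: query: allozelkot.com IN A + (10.0.0.2)
DNS_QUERY = re.compile(r"query:\s+(?P<qname>[A-Za-z0-9.-]+)")


def scan_dns_log(lines):
    """Return (line_number, queried_name) for every query to an IOC domain."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = DNS_QUERY.search(line)
        if m and domain_matches(m.group("qname")):
            hits.append((lineno, m.group("qname").lower().rstrip(".")))
    return hits


# Constructed sample log (not from the report); lines 2 and 4 should fire.
SAMPLE_DNS_LOG = [
    "client 10.0.0.5#53211: query: update.microsoft.com IN A + (10.0.0.2)",
    "client 10.0.0.5#53212: query: allozelkot.com IN A + (10.0.0.2)",
    "client 10.0.0.7#53213: query: notallozelkot.com IN A + (10.0.0.2)",
    "client 10.0.0.9#53214: query: cdn.allozelkot.com. IN A + (10.0.0.2)",
]

if __name__ == "__main__":
    for lineno, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS hit on line {lineno}: {qname}")
    digests = hash_bytes(b"constructed stand-in, not the sample")
    print("hash matches:", match_hashes(digests) or "none")
```

hash_file computes all four digests in a single read so a large suspect file is only touched once; match on SHA256 (or SHA512) rather than MD5 alone, since MD5 collisions are cheap to produce. The domain check deliberately treats subdomains as hits because IcedID infrastructure is commonly contacted through hosts under the configured C2 domain, while rejecting lookalike names that merely share the suffix.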

Targets

    • Target

      7e06cdff2b667d8748bc8822ef11173cd7a66c5a52d2d2fbaf78c92a94c5f69c

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a malicious macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks