icedid | ebf4a084e6d4a5f9799da0d09a670ed79107193f35907a103f339471d65a9125 | Triage

Submit
Reports

Overview

overview

Static

static

8

irpinc doc...2.docm

windows7-x64

irpinc doc...2.docm

windows10-2004-x64

Sharing

General

Target

irpinc doc 09.26.2022.doc
Size

866KB
Sample

220926-v7p28abec2
MD5

cc0bfeb8de5ac64632ad639d8d31a9c0
SHA1

0cb08482da4b7789ac12d38c17dd287402420510
SHA256

ebf4a084e6d4a5f9799da0d09a670ed79107193f35907a103f339471d65a9125
SHA512

6c9557c70497f811554804845c33342c58e7fecbd08042b6276550773636e6afb414b88a51d59476b5d01fdbcc936cbc354ff917ac08815af817712b22ed6b49
SSDEEP

12288:JhVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEJA10y6x1Gc2rvOxtUlB2:JhV2jUeQRI5wPN/lXW5

Score

10^/10

icedid 742081363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

irpinc doc 09.26.2022.docm

Resource

win7-20220812-en

icedid 742081363 banker trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

irpinc doc 09.26.2022.docm

Resource

win10v2004-20220812-en

icedid 742081363 banker loader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

- Target
  
  irpinc doc 09.26.2022.doc
- Size
  
  866KB
- MD5
  
  cc0bfeb8de5ac64632ad639d8d31a9c0
- SHA1
  
  0cb08482da4b7789ac12d38c17dd287402420510
- SHA256
  
  ebf4a084e6d4a5f9799da0d09a670ed79107193f35907a103f339471d65a9125
- SHA512
  
  6c9557c70497f811554804845c33342c58e7fecbd08042b6276550773636e6afb414b88a51d59476b5d01fdbcc936cbc354ff917ac08815af817712b22ed6b49
- SSDEEP
  
  12288:JhVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEJA10y6x1Gc2rvOxtUlB2:JhV2jUeQRI5wPN/lXW5
Score

10^/10

icedid 742081363 banker trojan loader
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid742081363bankertrojan

behavioral2

icedid742081363bankerloadertrojan

© 2018-2024

Terms | Privacy