General

  • Target

    ncidata-document-09.26.doc

  • Size

    866KB

  • Sample

    220926-vwz32sbdg4

  • MD5

    c50d50d58e3806e5ce9bb75965a78c95

  • SHA1

    e26cae6402e732bb781cf06edd02829031255e09

  • SHA256

    b7c2b49bc0c9fc9ce0668e24229d18f21b18b8bf7c78bc45ffb1293e833cc0ce

  • SHA512

    2a9bee4b3db815f96b85ebbc5e9b7c030cdaf26cf6b185faaf44bfd50a274bde3b21de31b0f9620166bd18dda84c2a49bd5fc14b7494aa998f83be93ea58c974

  • SSDEEP

    12288:5VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DERpcAJWRprEDe:5V2jUeQRI5wPN/ycAc2e

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    742081363

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
