icedid | f0fe9a6eb424f7e7c63ff495b7576cfcf29676ae9dc5b8539808f5ffd763be5e | Triage

Submit
Reports

Overview

overview

Static

static

8

joejeterfi...2.docm

windows7-x64

joejeterfi...2.docm

windows10-2004-x64

Sharing

General

Target

joejeterfile09.26.2022.doc
Size

866KB
Sample

220926-wj669scfgr
MD5

88007b0a9fe81f81d5cabb9d39a301db
SHA1

de1b4ca520bd7c8d98b879afe8ffe2efc2f88c19
SHA256

f0fe9a6eb424f7e7c63ff495b7576cfcf29676ae9dc5b8539808f5ffd763be5e
SHA512

147a5d37d418165be79a5b10d06cafebe8bbae0fe619b8f7ac9c1a093f8a08b848fd19e82d951fbd432f0eec8a977849a6fb18da52f8fcea1167009b9461a63f
SSDEEP

12288:rfHdVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEv0y2aRtxzFZjFc9:rfHdV2jUeQRI5wPN/H8ZHc9

Score

10^/10

icedid 742081363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

joejeterfile09.26.2022.docm

Resource

win7-20220812-en

icedid 742081363 banker loader trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

joejeterfile09.26.2022.docm

Resource

win10v2004-20220901-en

icedid 742081363 banker loader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

- Target
  
  joejeterfile09.26.2022.doc
- Size
  
  866KB
- MD5
  
  88007b0a9fe81f81d5cabb9d39a301db
- SHA1
  
  de1b4ca520bd7c8d98b879afe8ffe2efc2f88c19
- SHA256
  
  f0fe9a6eb424f7e7c63ff495b7576cfcf29676ae9dc5b8539808f5ffd763be5e
- SHA512
  
  147a5d37d418165be79a5b10d06cafebe8bbae0fe619b8f7ac9c1a093f8a08b848fd19e82d951fbd432f0eec8a977849a6fb18da52f8fcea1167009b9461a63f
- SSDEEP
  
  12288:rfHdVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEv0y2aRtxzFZjFc9:rfHdV2jUeQRI5wPN/H8ZHc9
Score

10^/10

icedid 742081363 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid742081363bankerloadertrojan

behavioral2

icedid742081363bankerloadertrojan

© 2018-2024

Terms | Privacy