General

  • Target

    xspedius,document,11.10.22.doc

  • Size

    1.3MB

  • Sample

    221111-24jjlacc78

  • MD5

    be103615f75d0a68a86433f6853eb94b

  • SHA1

    1e82c0bfee5c89eafe9e5212e0dc9d868031a3d2

  • SHA256

    3ab0b570d30cae0109d7a68c6097963afd1b9815f3400ead6abae70128ec6590

  • SHA512

    4f22a0652299fb40afe0fe4b0718864a568ba519d38ef93574fbaec78980abe6dd7be2cd59c7faf5ea55990a778d00c19cf50646326fe187b0b5252ccc566b08

  • SSDEEP

    24576:xuqlM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cs+Sx:UX7YGkeTWTBSqulzSA9erCMPYXZ

Malware Config

Extracted

Family

icedid

Campaign

1292139634

C2

oiurkastarting.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL