General

  • Target

    orionpitbikesales.document.11.11.2022.doc

  • Size

    1.3MB

  • Sample

    221111-g92l5sbggq

  • MD5

    aeb1778d4b96e3070355d39f2b08a46a

  • SHA1

    4e1541914e151c4edc44b911d05350cf97b126af

  • SHA256

    964d08c30e93f4f9783728ce6f35da2caf3dcacabc85bf39ab54e8e3f9083c53

  • SHA512

    841a001c932802e35594e29411b1542197d572b7a617c93f4b6c2592d24ccb4ea75a2eb58d0c598effca4322df123f3acd9f867ce234db4a3a0cdacfbad3e0d0

  • SSDEEP

    24576:1SM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cUru:PX7YGkeTWTBSqulzSA9erCMPYrru

Malware Config

  • Extracted

    Family: icedid
    Campaign: 1292139634

  • Extracted

    Family: icedid
    Campaign: 1292139634
    C2: oiurkastarting.com

Targets

    • Target

      orionpitbikesales.document.11.11.2022.doc

    • Size

      1.3MB

    • MD5

      aeb1778d4b96e3070355d39f2b08a46a

    • SHA1

      4e1541914e151c4edc44b911d05350cf97b126af

    • SHA256

      964d08c30e93f4f9783728ce6f35da2caf3dcacabc85bf39ab54e8e3f9083c53

    • SHA512

      841a001c932802e35594e29411b1542197d572b7a617c93f4b6c2592d24ccb4ea75a2eb58d0c598effca4322df123f3acd9f867ce234db4a3a0cdacfbad3e0d0

    • SSDEEP

      24576:1SM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cUru:PX7YGkeTWTBSqulzSA9erCMPYrru

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks