General

  • Target

    reelwireless-document-11.10.doc

  • Size

    1.3MB

  • Sample

    221111-hjmkzabhfm

  • MD5

    f02ec338d4d52b666ea5c99465586035

  • SHA1

    afdeda15ed8cc46874a44bfad63a55c438db3bfe

  • SHA256

    73d4b9459c060c12cb1c55a0fec2b14c1cc1f1a3a54a46c881195ea923da0280

  • SHA512

    588e78e08500ab8c22d9c169e2384f263148936aa10fc3bfed7fd5790d89b681cbb6161a207dc1c21007bea2a6e303689c5af9f11aec91f6db5f794a0f5a207f

  • SSDEEP

    24576:+SEM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cIIdp3OKY:LX7YGkeTWTBSqulzSA9erCMPYkeKY

Malware Config

Extracted

Family

icedid

Campaign

1292139634

C2

oiurkastarting.com
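The hashes and C2 domain above are the indicators an analyst actually reuses from this report. The following is an added example (not part of the sandbox report) that turns them into a small IOC matcher: it hashes arbitrary bytes with every algorithm the report lists, reports which digests agree with the report, and checks DNS-style log lines for the C2 domain and its subdomains. The log-line format ("timestamp client query") and the sample lines are constructed for the example.

```python
import hashlib

# Indicators copied from the report for sample 221111-hjmkzabhfm
REPORT_HASHES = {
    "md5": "f02ec338d4d52b666ea5c99465586035",
    "sha1": "afdeda15ed8cc46874a44bfad63a55c438db3bfe",
    "sha256": "73d4b9459c060c12cb1c55a0fec2b14c1cc1f1a3a54a46c881195ea923da0280",
    "sha512": "588e78e08500ab8c22d9c169e2384f263148936aa10fc3bfed7fd5790d89b681"
              "cbb6161a207dc1c21007bea2a6e303689c5af9f11aec91f6db5f794a0f5a207f",
}
C2_DOMAINS = {"oiurkastarting.com"}


def hash_bytes(data, algorithms=REPORT_HASHES):
    """Return {algorithm: hexdigest} for every algorithm the report lists."""
    hs = {name: hashlib.new(name) for name in algorithms}
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_file(path, algorithms=REPORT_HASHES, chunk_size=1 << 20):
    """Stream a file through all hashers at once so large files are read only once."""
    hs = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hs.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_match_bytes(data, known=REPORT_HASHES):
    """List the algorithms whose digest of `data` equals the known IOC digest."""
    digests = hash_bytes(data, known)
    return [name for name, value in known.items() if digests[name] == value.lower()]


def domain_matches(host, domains=C2_DOMAINS):
    """True for the C2 domain itself or any subdomain; a trailing dot is tolerated.
    A longer name that merely ends in the same characters (notoiurkastarting.com)
    does not match, nor does the C2 name used as a prefix of another domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_dns_log(lines, domains=C2_DOMAINS):
    """Return the log lines whose queried name hits the C2 list.
    Assumed (constructed) line format: '<timestamp> <client-ip> <queried-name>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and domain_matches(parts[2], domains):
            hits.append(line)
    return hits


if __name__ == "__main__":
    # Constructed sample lines for demonstration; not taken from any real capture.
    sample_log = [
        "2022-11-11T10:02:11Z 10.0.0.15 www.microsoft.com",
        "2022-11-11T10:02:14Z 10.0.0.15 oiurkastarting.com",
        "2022-11-11T10:02:15Z 10.0.0.15 cdn.oiurkastarting.com.",
        "2022-11-11T10:02:16Z 10.0.0.15 notoiurkastarting.com",
    ]
    for hit in scan_dns_log(sample_log):
        print("C2 lookup:", hit)
    print("matches for a non-sample blob:", hash_match_bytes(b"hello"))
```

`hash_file` reads the file once and feeds all four hashers in parallel, so matching against MD5, SHA1, SHA256 and SHA512 costs a single pass. Treat an MD5- or SHA1-only match as a lead, not a verdict; only a SHA256 or SHA512 match identifies this exact sample.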

Targets

    • Target

      reelwireless-document-11.10.doc

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is also used as a loader for follow-on payloads; this sample arrives as a Word document.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or a malicious macro: a document viewer has no normal reason to launch a scripting host, rundll32 or a command shell.

    • Blocklisted process makes network request

    • Loads dropped DLL
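The two behavioural signatures above ("Process spawned unexpected child process" and "Loads dropped DLL") are simple to turn into detection logic over process-creation telemetry. The following is an added example, not part of the sandbox report: it parses constructed Sysmon-style process-creation records, flags an Office application spawning anything outside a small allowlist, and flags rundll32/regsvr32 being pointed at a DLL in a user-writable directory. The `key=value|key=value` line format, the sample records and the allowlists are assumptions for the example and should be tuned per environment.

```python
import re

# Parents that should not be spawning arbitrary children (assumed list)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office process legitimately launches (assumed allowlist; extend per environment)
BENIGN_CHILDREN = {"splwow64.exe", "protocolhandler.exe"}
# Hosts that load a DLL named on their command line
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}
# Directories any user can write to (assumed list, Windows defaults)
USER_WRITABLE = re.compile(r"^(?:c:\\users\\|c:\\programdata\\|c:\\windows\\temp\\)", re.I)
# A DLL path argument, either quoted (may contain spaces) or bare
DLL_ARG = re.compile(r'"([a-z]:\\[^"]+\.(?:dll|dat|tmp|bin))"'
                     r'|([a-z]:\\[^"\s,]+\.(?:dll|dat|tmp|bin))', re.I)


def parse_event(line):
    """Parse a constructed 'Key=Value|Key=Value' process-creation record into a dict."""
    event = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        event[key.strip()] = value.strip()
    return event


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_event(event):
    """Return the list of reasons this process-creation event is suspicious (empty if none)."""
    reasons = []
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")

    # Signature 1: Office parent spawned something it has no business spawning
    if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
        reasons.append(f"office parent {parent} spawned {child}")

    # Signature 2: a DLL host was pointed at a library in a user-writable path
    if child in DLL_LOADERS:
        for m in DLL_ARG.finditer(cmdline):
            dll = m.group(1) or m.group(2)
            if USER_WRITABLE.match(dll):
                reasons.append(f"{child} loads DLL from user-writable path {dll}")
    return reasons


def scan_log(lines):
    """Return [(line_index, reasons)] for every record that trips at least one signature."""
    findings = []
    for i, line in enumerate(lines):
        reasons = flag_event(parse_event(line))
        if reasons:
            findings.append((i, reasons))
    return findings


# Constructed sample records (not from the analysed sample's real trace)
SAMPLE_LOG = [
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|Image=C:\Windows\System32\rundll32.exe"
    r"|CommandLine=rundll32.exe C:\Users\analyst\AppData\Local\Temp\update.dll,DllRegisterServer",
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|Image=C:\Windows\splwow64.exe|CommandLine=C:\Windows\splwow64.exe 12288",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\rundll32.exe"
    r"|CommandLine=rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\regsvr32.exe"
    r'|CommandLine=regsvr32.exe /s "C:\ProgramData\Some Dir\loader.dll"',
]

if __name__ == "__main__":
    for index, reasons in scan_log(SAMPLE_LOG):
        print(f"record {index}:")
        for r in reasons:
            print("   ", r)
```

The first record trips both signatures at once, which is the combination this report describes: a Word document spawning a DLL host that loads a freshly dropped library. The third record shows why the path check matters; rundll32 loading a DLL from System32 is routine and should not page anyone.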
