General

  • Target

    overlandchurchofchrist.document.11.11.2022.do.doc

  • Size

    1.3MB

  • Sample

    221111-hmg5nabhhq

  • MD5

    f1cdcb9d58995e2925d2d9673f37401f

  • SHA1

    5980eda8d8e9c8fc14738d150b21941fb5f02d09

  • SHA256

    335a449fcacab5ef6951073d95f914e374d729c1dd6a6f71f96316714a73596a

  • SHA512

    30c657fdaf73e7fd464fd8cb5b266f6413d285eaa0a355157bc8d3ae3ecb3b2ef3d776e05a1b19273c6ec57ab3aae4f1e5de8af26a4c0c2c3b6d0f0c23d077ac

  • SSDEEP

    24576:M5RM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cZim:JX7YGkeTWTBSqulzSA9erCMPYep

Malware Config

Extracted

Family

icedid

Campaign

1292139634


C2

oiurkastarting.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
