icedid | 477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a | Triage

Submit
Reports

Overview

overview

Static

static

8

477dc992c3...a.docm

windows7-x64

477dc992c3...a.docm

windows10-2004-x64

Sharing

General

Target

477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a.docm
Size

764KB
Sample

221203-bfe86aee6x
MD5

4598b258b84d842bd6b2969c37dbec63
SHA1

b8e3db1529c1fa63fa2a6e1b4199aa04dbbf5543
SHA256

477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a
SHA512

09acbc8f743c0d211b542ce493caaf718ce0f9625186ac2428408c9d7c8955e4384ea1780f6910d0ec32619ddb5883aa6e8e41238d0ec1df179a91794592597a
SSDEEP

12288:/9a0X5VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE8gNp3PRNKGh/Kr:/n5V2jUeQRI5wPN/5gNp3PRNKI/Kr

Score

10^/10

icedid 1313163077 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a.docm

Resource

win7-20220812-en

icedid 1313163077 banker loader trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a.docm

Resource

win10v2004-20221111-en

icedid 1313163077 banker loader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1313163077

C2

oilcardirtoz.com

Targets

- Target
  
  477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a.docm
- Size
  
  764KB
- MD5
  
  4598b258b84d842bd6b2969c37dbec63
- SHA1
  
  b8e3db1529c1fa63fa2a6e1b4199aa04dbbf5543
- SHA256
  
  477dc992c3bc3997a747f617ee1e4b779bb6363af2aa2c9fa0ab1586d4f2a26a
- SHA512
  
  09acbc8f743c0d211b542ce493caaf718ce0f9625186ac2428408c9d7c8955e4384ea1780f6910d0ec32619ddb5883aa6e8e41238d0ec1df179a91794592597a
- SSDEEP
  
  12288:/9a0X5VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE8gNp3PRNKGh/Kr:/n5V2jUeQRI5wPN/5gNp3PRNKI/Kr
Score

10^/10

icedid 1313163077 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1313163077bankerloadertrojan

behavioral2

icedid1313163077bankerloadertrojan

© 2018-2024

Terms | Privacy