General

  • Target

    greenflashproductionsound-file-12.23.2022.doc.docm

  • Size

    1.3MB

  • Sample

    221224-wlwtbade6z

  • MD5

    05b491c991cc4374caba0454d402b864

  • SHA1

    b298e08f15f70d42267992b5827dc36a0521cb83

  • SHA256

    b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5

  • SHA512

    2281408c624c0e2e1cb772e312c0a614921d3c7fedb6919f47886c1f0f7b145a159af97802651b5497a8dfb1de568b5d7d85c4d05363453dc7a9bdb3b84650eb

  • SSDEEP

    24576:/bpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDFG7EzqHm+Bmcd:/bpJmgf3zliFppuKqG+9

Malware Config

  • Extracted

    Family: icedid
    Campaign: 1212497363

  • Extracted

    Family: icedid
    Campaign: 1212497363
    C2: trbiriumpa.com

Targets

    • Target

      greenflashproductionsound-file-12.23.2022.doc.docm

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is also used as a loader for follow-on payloads. The configuration extracted from this sample carries campaign ID 1212497363 and the C2 domain trbiriumpa.com.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. For a macro-enabled document such as this .docm, the parent is normally the Office application and the child is launched by the VBA macro; the double extension .doc.docm is a lure so the file reads as a plain .doc.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist, one with no legitimate reason to talk to the network, issued an outbound request. When hunting for this sample, check proxy and DNS logs for the extracted C2 domain trbiriumpa.com.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process, consistent with a staged payload delivered as a DLL rather than an executable.
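The three behaviour signatures above translate directly into detection logic that can be run over endpoint telemetry. The following is an added example, not code from this report or from the sandbox vendor: it replays a constructed Sysmon-style event stream (the PIDs, process names and file paths are invented for illustration and do not come from the page) and flags an Office application spawning a child, a DLL loaded from a path written earlier in the run, and contact with the extracted C2 domain. The hash and C2 values are the ones listed in this report; `check_hashes` compares a file's bytes against the report's MD5, SHA1 and SHA256. The list of Office parents is an assumption of the example.

```python
"""
Added example: offline triage of constructed endpoint telemetry against the
IOCs from this sandbox report. Not vendor code; the events below are invented.
"""
import hashlib
import ntpath

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "05b491c991cc4374caba0454d402b864",
    "sha1": "b298e08f15f70d42267992b5827dc36a0521cb83",
    "sha256": "b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5",
}
IOC_C2_DOMAINS = {"trbiriumpa.com"}

# Office hosts that should not normally spawn children (assumption, not from the report).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def check_hashes(data: bytes) -> set:
    """Return the names of report hashes that match the given file bytes."""
    return {algo for algo, expected in IOC_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == expected}


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def is_c2(hostname: str) -> bool:
    """True for the C2 domain itself or any subdomain of it."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_C2_DOMAINS)


def triage(events):
    """Replay ordered events and return (rule, pid, detail) findings.

    Rules mirror the report's behaviour signatures: office_child_process,
    loads_dropped_dll, c2_domain_contact and suspicious_network_request
    (any network activity from the Office-spawned lineage).
    """
    findings = []
    suspicious_pids = set()   # Office-spawned processes and their descendants
    dropped_files = set()     # paths written to disk during the run

    for ev in events:
        kind, pid = ev["event"], ev["pid"]
        if kind == "process_create":
            if _basename(ev["parent_image"]) in OFFICE_PARENTS:
                suspicious_pids.add(pid)
                findings.append(("office_child_process", pid, _basename(ev["image"])))
            elif ev["ppid"] in suspicious_pids:
                suspicious_pids.add(pid)  # inherit taint down the lineage
        elif kind == "file_create":
            dropped_files.add(ev["path"].lower())
        elif kind == "image_load":
            loaded = ev["image_loaded"].lower()
            if loaded.endswith(".dll") and loaded in dropped_files:
                findings.append(("loads_dropped_dll", pid, ev["image_loaded"]))
        elif kind in ("dns_query", "network_connect"):
            host = ev["host"]
            if is_c2(host):
                findings.append(("c2_domain_contact", pid, host))
            elif pid in suspicious_pids:
                findings.append(("suspicious_network_request", pid, host))
    return findings


# Constructed telemetry for illustration; PIDs, images and paths are invented.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
RUNDLL = r"C:\Windows\System32\rundll32.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\stage.dll"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1001, "ppid": 900,
     "image": WINWORD, "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "process_create", "pid": 1002, "ppid": 1001,
     "image": RUNDLL, "parent_image": WINWORD},
    {"event": "file_create", "pid": 1002, "path": DROPPED},
    {"event": "image_load", "pid": 1002, "image_loaded": DROPPED},
    {"event": "dns_query", "pid": 1002, "host": "trbiriumpa.com"},
    {"event": "process_create", "pid": 1003, "ppid": 1002,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": RUNDLL},
    {"event": "network_connect", "pid": 1003, "host": "203.0.113.10"},
    {"event": "dns_query", "pid": 1001, "host": "example.com"},
]

if __name__ == "__main__":
    for rule, pid, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid} {detail}")
```

Processes inherit the "spawned by Office" taint, so a second-stage process that never touched the C2 still surfaces when it makes any network request; the C2 rule is applied to every process regardless of lineage because the domain alone is a high-confidence indicator.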

MITRE ATT&CK Enterprise v6

Tasks