icedid | 88917fe31db801e9c3d13b93487bbf089bfb90b5e72465b33b042bca8360f073 | Triage

Submit
Reports

Overview

overview

Static

static

8

leatha,doc...2.docm

windows7-x64

leatha,doc...2.docm

windows10-2004-x64

Sharing

General

Target

leatha,doc,12.23.2022.docm
Size

1.3MB
Sample

221224-wlx2dade7z
MD5

cbfd95f59689ad3f3ac862d25492e6e6
SHA1

b1417d5860d7179f15d1545cc79f5bae9a8d8997
SHA256

88917fe31db801e9c3d13b93487bbf089bfb90b5e72465b33b042bca8360f073
SHA512

33d58ee41f5c1506aabcbee882b00892dd06f9109d02a2965000f4767a29111b77807ae4104d552e0371c660a31c2c5c491437ba4514f76074671394e5938123
SSDEEP

24576:/FkpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDVG7EzqHm+Bmcc:/FkpJmgf3zliFpp+KqG+8

Score

10^/10

icedid 1212497363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

leatha,doc,12.23.2022.docm

Resource

win7-20221111-en

icedid 1212497363 banker loader trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

leatha,doc,12.23.2022.docm

Resource

win10v2004-20220812-en

icedid 1212497363 banker loader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

- Target
  
  leatha,doc,12.23.2022.docm
- Size
  
  1.3MB
- MD5
  
  cbfd95f59689ad3f3ac862d25492e6e6
- SHA1
  
  b1417d5860d7179f15d1545cc79f5bae9a8d8997
- SHA256
  
  88917fe31db801e9c3d13b93487bbf089bfb90b5e72465b33b042bca8360f073
- SHA512
  
  33d58ee41f5c1506aabcbee882b00892dd06f9109d02a2965000f4767a29111b77807ae4104d552e0371c660a31c2c5c491437ba4514f76074671394e5938123
- SSDEEP
  
  24576:/FkpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDVG7EzqHm+Bmcc:/FkpJmgf3zliFpp+KqG+8
Score

10^/10

icedid 1212497363 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1212497363bankerloadertrojan

behavioral2

icedid1212497363bankerloadertrojan

© 2018-2024

Terms | Privacy