icedid | e85b452445ae19e8a458921c6e14d2c2697e003056f10ae49ab18b969f6aa821 | Triage

Submit
Reports

Overview

overview

Static

static

8

dodo-doc-12.23.docm

windows7-x64

dodo-doc-12.23.docm

windows10-2004-x64

Sharing

General

Target

dodo-doc-12.23.docm
Size

1.3MB
Sample

221224-wlyb5sde8s
MD5

fccecb0deb25755fb7d60be2d42c7d24
SHA1

73b865be51b0577a83168ca76df125615d31b07a
SHA256

e85b452445ae19e8a458921c6e14d2c2697e003056f10ae49ab18b969f6aa821
SHA512

8a778b523f0a54ca0e0c6396e4d4471189bc1e0f69e84462a05b554d87a0a316d7c81991898b09dd5034571821b09267506e70eb55388c887915c64b04d2b315
SSDEEP

24576:/rlpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDNG7EzqHm+BmcW:/5pJmgf3zliFppmKqG+2

Score

10^/10

icedid 1212497363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dodo-doc-12.23.docm

Resource

win7-20220901-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

dodo-doc-12.23.docm

Resource

win10v2004-20220812-en

icedid 1212497363 banker loader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

- Target
  
  dodo-doc-12.23.docm
- Size
  
  1.3MB
- MD5
  
  fccecb0deb25755fb7d60be2d42c7d24
- SHA1
  
  73b865be51b0577a83168ca76df125615d31b07a
- SHA256
  
  e85b452445ae19e8a458921c6e14d2c2697e003056f10ae49ab18b969f6aa821
- SHA512
  
  8a778b523f0a54ca0e0c6396e4d4471189bc1e0f69e84462a05b554d87a0a316d7c81991898b09dd5034571821b09267506e70eb55388c887915c64b04d2b315
- SSDEEP
  
  24576:/rlpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDNG7EzqHm+BmcW:/5pJmgf3zliFppmKqG+2
Score

10^/10

icedid 1212497363 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid1212497363bankerloadertrojan

© 2018-2024

Terms | Privacy