icedid | 897941816861d957d6eacd2bcbb7b06fd48c9f73be02b72082a01a257c85f3f2 | Triage

Submit
Reports

Overview

overview

Static

static

3

Document_6...12.pdf

windows10-1703-x64

Document_6...12.pdf

windows10-2004-x64

Resubmissions

13-01-2023 03:19

230113-dt7lnsdh57 3

12-01-2023 20:51

230112-zncd8see5z 10

Sharing

General

Target

Document_61_Unpaid_-1-12.pdf
Size

108KB
Sample

230112-zncd8see5z
MD5

69fec563aa8bdfe9350f7c7534faec86
SHA1

8a09a79aa30a497ca812111293f896ca88e8aa32
SHA256

897941816861d957d6eacd2bcbb7b06fd48c9f73be02b72082a01a257c85f3f2
SHA512

dde5428609730781e9a7e30e973af161e261863a1e1f99c657fac3ae393f472f018bbdf37d764ee66b1f03e4ba86995d23a91b622b71a8c76d73e15266dc9c5a
SSDEEP

3072:x1F8+5dK2CVe3TlYaxd8DI07HkCqI+P5iX7El8:u6K2CUBYaxuDIuHkZoLEl8

Score

10^/10

icedid 1387823457 banker link loader pdf persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Document_61_Unpaid_-1-12.pdf

Resource

win10-20220812-en

icedid 1387823457 banker trojan

windows10-1703-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Document_61_Unpaid_-1-12.pdf

Resource

win10v2004-20220812-en

icedid 1387823457 banker loader persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1387823457

Extracted

Family

icedid

Campaign

1387823457

C2

allertmnemonkik.com

Targets

- Target
  
  Document_61_Unpaid_-1-12.pdf
- Size
  
  108KB
- MD5
  
  69fec563aa8bdfe9350f7c7534faec86
- SHA1
  
  8a09a79aa30a497ca812111293f896ca88e8aa32
- SHA256
  
  897941816861d957d6eacd2bcbb7b06fd48c9f73be02b72082a01a257c85f3f2
- SHA512
  
  dde5428609730781e9a7e30e973af161e261863a1e1f99c657fac3ae393f472f018bbdf37d764ee66b1f03e4ba86995d23a91b622b71a8c76d73e15266dc9c5a
- SSDEEP
  
  3072:x1F8+5dK2CVe3TlYaxd8DI07HkCqI+P5iX7El8:u6K2CUBYaxuDIuHkZoLEl8
Score

10^/10

icedid 1387823457 banker trojan loader persistence
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1387823457bankertrojan

behavioral2

icedid1387823457bankerloaderpersistencetrojan

© 2018-2024

Terms | Privacy