General

  • Target

    Document_75_Unpaid_-1-12.pdf

  • Size

    90KB

  • Sample

    230116-vmcamaeb7z

  • MD5

    d71d5c0a2e3b7db1e7d641195c5c1390

  • SHA1

    974431c0bd7cb7d8d052f6f30d9ed7b46a36494d

  • SHA256

    56f96a2bb074493c2cc2bad5e9b58eb0cd66248ba44b5ca681483ff4488b71d1

  • SHA512

    8c971239fcdb39231589832b65539a9d76f979faf09c2ecc22c4cc4675b90c07500cec9554ddb3429dc135998a41f069af537b06b14b125185cac2db3a93a9f4

  • SSDEEP

    1536:WtuVneW9Pl8RbhVoHexEQ+BqajpySjDZ+y7IfVCOORzHr1UYjwX4Ew:WK9Pl8NDOE+B5tyFy+W1L1v8X4Ew

Malware Config

Extracted

Family

icedid

Campaign

1387823457

C2

allertmnemonkik.com
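The hashes in the General section and the C2 domain extracted above are the indicators a responder would pivot on first. The following Python script is an added example, not part of the Triage report and not Hatching's code: it embeds those indicators, hashes a candidate file with every digest the report lists, and flags DNS log lines that resolve the C2 domain or any subdomain of it. The log line format ("timestamp client query qname") and the sample file bytes are constructed for the demonstration; the SSDEEP fuzzy hash is left out because it needs the ssdeep library rather than the standard library.

```python
"""Match local artifacts against the IOCs from this Triage report.

Added example, not part of the original report. The digests and the C2
domain are copied from the report; the file bytes and DNS log lines below
are constructed for the demonstration.
"""
import hashlib
import re

# Indicators taken from the report (sample 230116-vmcamaeb7z).
REPORT_HASHES = {
    "md5": "d71d5c0a2e3b7db1e7d641195c5c1390",
    "sha1": "974431c0bd7cb7d8d052f6f30d9ed7b46a36494d",
    "sha256": "56f96a2bb074493c2cc2bad5e9b58eb0cd66248ba44b5ca681483ff4488b71d1",
    "sha512": "8c971239fcdb39231589832b65539a9d76f979faf09c2ecc22c4cc4675b90c07"
              "500cec9554ddb3429dc135998a41f069af537b06b14b125185cac2db3a93a9f4",
}
C2_DOMAINS = {"allertmnemonkik.com"}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so one read covers all four."""
    return {
        alg: hashlib.new(alg, data).hexdigest()
        for alg in ("md5", "sha1", "sha256", "sha512")
    }


def matching_hashes(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Return the algorithms whose digest of `data` equals the IOC digest.

    All four are compared so a feed that carries only one of them still
    matches; any single agreement is a hit. MD5 alone is collision-prone,
    which is why the stronger digests are carried alongside it.
    """
    digests = hash_bytes(data)
    return [alg for alg, value in iocs.items()
            if digests.get(alg) == value.lower()]


def _domain_matches(name: str, domains: set) -> bool:
    """True when `name` is a C2 domain or a subdomain of one (not a substring)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


# Assumed (constructed) log shape: "<timestamp> <client-ip> query <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)")


def c2_lookups(log_lines, domains=C2_DOMAINS) -> list:
    """Return (timestamp, client, qname) for each line that queried a C2 domain."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and _domain_matches(m.group("qname"), domains):
            hits.append((m.group("ts"), m.group("client"),
                         m.group("qname").lower().rstrip(".")))
    return hits


# Constructed sample input: one benign lookup, the C2 domain with a trailing
# dot, a subdomain, a look-alike that must not match, and a malformed line.
SAMPLE_DNS_LOG = [
    "2023-01-16T10:01:02Z 10.0.0.5 query www.example.com.",
    "2023-01-16T10:01:07Z 10.0.0.5 query allertmnemonkik.com.",
    "2023-01-16T10:01:09Z 10.0.0.9 query update.allertmnemonkik.com",
    "2023-01-16T10:01:11Z 10.0.0.9 query notallertmnemonkik.com",
    "malformed line",
]

if __name__ == "__main__":
    # Constructed bytes standing in for a file pulled from a mailbox or share.
    candidate = b"%PDF-1.4 constructed placeholder, not the real sample"
    print("hash matches:", matching_hashes(candidate))
    for ts, client, qname in c2_lookups(SAMPLE_DNS_LOG):
        print(f"C2 lookup {qname} from {client} at {ts}")
```

Hash matching only identifies this exact file; a repacked build of the same campaign will have different digests, so the domain check (and, where available, the SSDEEP distance) is what catches variants. Matching on a subdomain rather than on a substring avoids false positives on look-alike names such as the fourth sample line.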

Targets

    • Target

      Document_75_Unpaid_-1-12.pdf

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used as a loader for follow-on payloads.

    • Loads dropped DLL

      A DLL written to disk during execution is loaded into the process.

    • Adds Run key to start application

      Persistence: a value is written under a Registry Run key so the payload starts at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks