icedid | 1e07ff82232f6743128c8e8ca6c487b24d07035efb5ebe382af1ae8ba087e895 | Triage

Submit
Reports

Overview

overview

Static

static

8

b075a39ce8...5.docm

windows7-x64

b075a39ce8...5.docm

windows10-2004-x64

Sharing

General

Target

05b491c991cc4374caba0454d402b864.bin
Size

1.3MB
Sample

230116-xd2j9sfd7x
MD5

cf824410b9f6f50c917ce0d9fd0b3623
SHA1

13b1e472cf625ef51f9237ff9fd118429a75486d
SHA256

1e07ff82232f6743128c8e8ca6c487b24d07035efb5ebe382af1ae8ba087e895
SHA512

4def2cbca5a58c9264ea8345a18be131e2c0ee7c2c405f6c6b02f59fe82dd6b5b0a870e686986d261d112a5620487227f692699780935fcc1a087d48caaad6ff
SSDEEP

24576:hdrwEL+mAg66RFon0nF9dMQivP0l66x3OKXEKEl6UUi2L6zP:frw6d6OKfED3II2P

Score

10^/10

icedid 1212497363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5.docm

Resource

win7-20221111-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5.docm

Resource

win10v2004-20221111-en

icedid 1212497363 banker loader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

- Target
  
  b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5.docm
- Size
  
  1.3MB
- MD5
  
  05b491c991cc4374caba0454d402b864
- SHA1
  
  b298e08f15f70d42267992b5827dc36a0521cb83
- SHA256
  
  b075a39ce88b3ef6ba75a342aae4abbbcacb9a369f52c7406e0a1e466ed112d5
- SHA512
  
  2281408c624c0e2e1cb772e312c0a614921d3c7fedb6919f47886c1f0f7b145a159af97802651b5497a8dfb1de568b5d7d85c4d05363453dc7a9bdb3b84650eb
- SSDEEP
  
  24576:/bpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDFG7EzqHm+Bmcd:/bpJmgf3zliFppuKqG+9
Score

10^/10

icedid 1212497363 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid1212497363bankerloadertrojan

© 2018-2024

Terms | Privacy