General

  • Target

    0d30c944f3a25dd5a3d3300dce762a4c.bin

  • Size

    1.3MB

  • Sample

    230116-xhzapsbe67

  • MD5

    a923e823089e4834b6e2ec103b7fb9d9

  • SHA1

    836a68c2e3c7966ed55c3c8ffc056e40031abae4

  • SHA256

    dfe55c46fe42e49949430479787aafed97a5420bf4632b800d339b7d360e8420

  • SHA512

    9549a8b4467d051c063119550111147b071a795271cd4f44553d89a0ad02a13413bd79f873a35b4e053bd4a6136506874d6a397f1c3b6549d74b69cb21e5c9c4

  • SSDEEP

    24576:MH+BpMoZlnUwNbZ+X3UrNU4ofxecZXe8kf/gMKCFv4fMBWSwg7ZwNumP2hPhqbW5:MH+LMo3rt+XP3Nu8kXgg8UX3ZwNn2Dso

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

    • Target

      b6748e63c66c4dadff044129ac5224722b527969c4afa8572a35b29b0a28d15e.docm

    • Size

      1.3MB

    • MD5

      0d30c944f3a25dd5a3d3300dce762a4c

    • SHA1

      039278d36e0e2e0e37287bcba10ab0ce194ebe74

    • SHA256

      b6748e63c66c4dadff044129ac5224722b527969c4afa8572a35b29b0a28d15e

    • SHA512

      3d007dc0cbec5d2947248abf5b07c00b4a6be7687ade14dd1f4adcf4151e46f2f8099f598dca11cb160a7229e4264ca975dd3375ad6f016f157dc85801575a17

    • SSDEEP

      24576:/xpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRD8G7EzqHm+Bmcq:/xpJmgf3zliFpp/KqG+K

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           | Technique                     | ID    | Hits
  -----------------|-------------------------------|-------|-----
  Defense Evasion  | Modify Registry               | T1112 | 1
  Discovery        | Query Registry                | T1012 | 2
  Discovery        | System Information Discovery  | T1082 | 2
