General

  • Target

    1fd26f7168cef61ecfa03cbd2a9c7eec.bin

  • Size

    1.3MB

  • Sample

    230116-xzqd5aca48

  • MD5

    dea8d73854c72b5885a94a141b6d3013

  • SHA1

    cf9aa815d5d660b1eeb6bb3a6bae51390f4bb50c

  • SHA256

    d0b4e586bb9fa87f260182082b1b1349fb06555316fe8fed2e4c03f50187e9cd

  • SHA512

    70c154447a3f7c19bac30fad6e1f0d3a87749e99a1516c83600c20c10d1dc43ab50a99ab0c58f1afe1b9a96301347438a8ed720b7cd8a5448ff26b21fb56eff4

  • SSDEEP

    24576:53Qk/g/QmchqnELcY1tSYmi6A+3U/ufworFbiCisCixezR2zYJOytw:53NIhUxj+3wufworVazrRxkd

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

    • Target

      fcadf8c50d8b114cabd4509452b1a4f24f28f5b439179cae610dc037727d2077.docm
      (note: the submitted file 1fd26f7168cef61ecfa03cbd2a9c7eec.bin is named with this document's MD5)

    • Size

      1.3MB

    • MD5

      1fd26f7168cef61ecfa03cbd2a9c7eec

    • SHA1

      818a19cdc8a28151083dd201cea5ebec0355a3fa

    • SHA256

      fcadf8c50d8b114cabd4509452b1a4f24f28f5b439179cae610dc037727d2077

    • SHA512

      7d90730e21fb2489d9cf71b127f9fc17b5275b2f4f6fda0cbe85eb707d9130851f29cbe7747808e1a79e2b99ea6343ee525cf78c11ff6f1d44039cccd72882ba

    • SSDEEP

      24576://JpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDuG7EzqHm+Bmcq:/xpJmgf3zliFppVKqG+K

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
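The three behavioural signatures above (Office parent spawning an unexpected child, a dropped DLL being loaded, and a network request to the extracted C2) map directly onto host telemetry. The following is an added example, not part of this sandbox report, showing how a detection pipeline would express them as rules over Sysmon-style events (process create, image load, DNS query) and match the report's own indicators (the C2 domain trbiriumpa.com and the two SHA256 values). The events, the Office/loader process lists and the drop-directory list are constructed assumptions; the report does not state which process loaded the DLL or that the .bin is that DLL.

```python
"""Detection checks for the behaviours flagged in this report, run over
constructed Sysmon-style events. Added example; not part of the sandbox report."""
from dataclasses import dataclass
from typing import Dict, List

# Indicators taken from the report: extracted C2 domain and file hashes.
C2_DOMAINS = {"trbiriumpa.com"}
KNOWN_SHA256 = {
    "d0b4e586bb9fa87f260182082b1b1349fb06555316fe8fed2e4c03f50187e9cd",  # submitted .bin
    "fcadf8c50d8b114cabd4509452b1a4f24f28f5b439179cae610dc037727d2077",  # extracted .docm
}

# Assumed policy values (not from the report): Office hosts that should not
# spawn loader/script hosts, and user-writable directories where drops land.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
LOADER_CHILDREN = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "powershell.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe"}
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")


@dataclass
class Alert:
    rule: str
    event_id: int
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...,IMPHASH=...') -> {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev: dict) -> List[Alert]:
    """Apply every rule to one event; returns zero or more alerts."""
    eid = ev.get("EventID")
    image = _basename(ev.get("Image", ""))
    alerts: List[Alert] = []

    # "Process spawned unexpected child process": Office parent -> loader/script child.
    if eid == 1 and _basename(ev.get("ParentImage", "")) in OFFICE_PARENTS \
            and image in LOADER_CHILDREN:
        alerts.append(Alert("office_spawn", eid,
                            f"{_basename(ev['ParentImage'])} -> {ev.get('CommandLine', image)}"))

    # "Loads dropped DLL": unsigned DLL loaded from a user-writable drop directory.
    if eid == 7:
        loaded = ev.get("ImageLoaded", "")
        low = loaded.lower()
        if low.endswith(".dll") and any(d in low for d in DROP_DIRS) \
                and str(ev.get("Signed", "false")).lower() == "false":
            alerts.append(Alert("dropped_dll_load", eid, f"{image} loaded {loaded}"))

    # "Blocklisted process makes network request": DNS lookup of the extracted C2
    # (exact domain or any subdomain of it).
    if eid == 22:
        q = ev.get("QueryName", "").lower().rstrip(".")
        if any(q == d or q.endswith("." + d) for d in C2_DOMAINS):
            alerts.append(Alert("c2_dns", eid, f"{image} resolved {q}"))

    # Hash match against the report's SHA256 values (process image or loaded image).
    if eid in (1, 7):
        sha = parse_hashes(ev.get("Hashes", "")).get("SHA256")
        if sha in KNOWN_SHA256:
            alerts.append(Alert("known_hash", eid, f"SHA256 {sha[:12]}... in {image}"))
    return alerts


def run_detections(events: List[dict]) -> List[Alert]:
    return [a for ev in events for a in check_event(ev)]


# Constructed events (shaped like json.loads of Sysmon JSON output), not a real
# capture. The dropped DLL is given the report's .bin SHA256 purely for illustration.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\ldr.dll,#1",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Hashes": "MD5=0,SHA256=0"},
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\ldr.dll", "Signed": "false",
     "Hashes": "SHA256=D0B4E586BB9FA87F260182082B1B1349FB06555316FE8FED2E4C03F50187E9CD"},
    {"EventID": 22, "Image": r"C:\Windows\System32\rundll32.exe",
     "QueryName": "trbiriumpa.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": "SHA256=0"},  # benign control
]

if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(f"[{a.rule}] event {a.event_id}: {a.detail}")
```

Running the block prints one alert per matched rule: the Word-to-rundll32 spawn, the unsigned DLL load from %TEMP% (which also hits the hash rule), and the DNS query for the C2; the benign notepad event produces nothing. The hash rule is the weakest of the four, since a repacked build of the loader changes every hash but not the parent/child relationship or the C2 lookup.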

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)

    System Information Discovery, T1082 (2)

The number in parentheses is the count of hits the sandbox recorded for that technique.
