General

  • Target

    440b56bb35362c65c9b8fc64a119aa36.bin

  • Size

    1.3MB

  • Sample

    230116-yp8cmacf33

  • MD5

    4aefe32bdac842a72aceb4efbb84f308

  • SHA1

    8d389010b86e50938361bd14fab6b7570919d25c

  • SHA256

    21936b7bff52c51cee4048f32cf39b65bd9ea3fe111a9ddbe85bf16a2005a839

  • SHA512

    330f8669144db765d6409b17ffdabae9e5b751ace8b09ce39300154b273f6200c9c29223611079d3dc5c8f4ff966130d6d9b7420edb4518d2d79dc93d6801d39

  • SSDEEP

    24576:PbM9ML7igni/bEBZvcEwvIp4si/qCGWX6+4TVeDxNQZsMN4F+M7CDF5D0HlyYDY:TdaMMJC4si/qCb6+4TMxNQZss4F+YGDx

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

    • Target

      646dcfd47d1e5426d9669777582923cf1e7c474f80bc86df282df04925ee80e9.docm

    • Size

      1.3MB

    • MD5

      440b56bb35362c65c9b8fc64a119aa36

    • SHA1

      c73967db942b92ae2c78efd36be1595cd298bb99

    • SHA256

      646dcfd47d1e5426d9669777582923cf1e7c474f80bc86df282df04925ee80e9

    • SHA512

      35976e273aaf43683201bc00ea3efcf0f59f2ee76a3a25b5165268e18b9a51868005f9a69a07a1e28e998ce408fcd5f5e2e93ccbb4c6e8be35a487d159da32de

    • SSDEEP

      24576:/jpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDcG7EzqHm+BmcZ:/jpJmgf3zliFppfKqG+5

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
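The three behaviours flagged above (Office host spawning an unexpected child, a dropped DLL being loaded, and a blocklisted process reaching out over the network, here to the extracted C2) are what an analyst would want to turn into a replayable check against their own telemetry, alongside a hash lookup against the indicators in this report. The following Python is an added example, not part of the sandbox report or of any vendor tooling: the hashes and C2 domain are copied from the report, while the event format, the `SAMPLE_EVENTS` trace, the `C:\Users\Public\loader.dll` path, and the Office-host, benign-child and blocklisted-process sets are constructed assumptions to be tuned for a real environment.

```python
import hashlib

# Indicators copied from the report above (.bin and .docm digests, C2 domain).
IOC_HASHES = {
    "4aefe32bdac842a72aceb4efbb84f308",                                   # MD5   .bin
    "440b56bb35362c65c9b8fc64a119aa36",                                   # MD5   .docm
    "8d389010b86e50938361bd14fab6b7570919d25c",                           # SHA1  .bin
    "c73967db942b92ae2c78efd36be1595cd298bb99",                           # SHA1  .docm
    "21936b7bff52c51cee4048f32cf39b65bd9ea3fe111a9ddbe85bf16a2005a839",   # SHA256 .bin
    "646dcfd47d1e5426d9669777582923cf1e7c474f80bc86df282df04925ee80e9",   # SHA256 .docm
}
IOC_C2 = {"trbiriumpa.com"}

# Assumptions for illustration, not taken from the report: which parents count as
# Office hosts, which children they legitimately spawn, and which LOLBins are
# treated as "blocklisted" when they make network requests.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
BENIGN_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe"}
BLOCKLISTED_PROCS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                     "wscript.exe", "cscript.exe", "powershell.exe"}


def digests_of(data: bytes) -> dict:
    """Compute the MD5/SHA1/SHA256 hex digests of a blob, as the report lists them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(digests: dict) -> set:
    """Return the report hashes that appear among the supplied digests (case-insensitive)."""
    return {d.lower() for d in digests.values()} & IOC_HASHES


def _base(path: str) -> str:
    """Lower-cased image name without directory, for Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: list) -> list:
    """Replay a process/file/image-load/network trace and emit the report's three signatures.

    Each event is a dict with a "type" of "process", "file_create", "image_load"
    or "network"; the other field names are those used in SAMPLE_EVENTS (assumed).
    Returns a list of (signature_name, detail) tuples in trace order.
    """
    alerts = []
    dropped = set()  # file paths written by any process earlier in the trace
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            parent, child = _base(ev["parent_image"]), _base(ev["image"])
            if parent in OFFICE_HOSTS and child not in BENIGN_OFFICE_CHILDREN:
                alerts.append(("Process spawned unexpected child process", f"{parent} -> {child}"))
        elif kind == "file_create":
            dropped.add(ev["path"].lower())
        elif kind == "image_load":
            if ev["image"].lower() in dropped:
                alerts.append(("Loads dropped DLL", f"{_base(ev['process'])} loaded {ev['image']}"))
        elif kind == "network":
            proc, host = _base(ev["process"]), ev["dest_host"].lower()
            if proc in BLOCKLISTED_PROCS:
                tag = " (report C2)" if host in IOC_C2 else ""
                alerts.append(("Blocklisted process makes network request", f"{proc} -> {host}{tag}"))
    return alerts


# Constructed trace mimicking the report's behaviour chain; not real telemetry.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 200, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "process", "pid": 300, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe"},
    {"type": "file_create", "pid": 100, "path": r"C:\Users\Public\loader.dll"},
    {"type": "image_load", "process": r"C:\Windows\System32\rundll32.exe",
     "image": r"C:\Users\Public\loader.dll"},
    {"type": "network", "process": r"C:\Windows\System32\rundll32.exe",
     "dest_host": "trbiriumpa.com", "dest_port": 443},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"[{sig}] {detail}")
    print("IOC hash hits for empty blob:", match_iocs(digests_of(b"")))
```

The hash lookup is exact-match only; the report's SSDEEP values are meant for fuzzy matching of near-variants and would need the `ssdeep` bindings, which this example deliberately leaves out. The benign-child allowlist is where false positives are controlled: an Office host spawning `splwow64.exe` for printing is normal, so it is excluded, while `rundll32.exe` is not, which is exactly what fires the first signature here.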

MITRE ATT&CK Enterprise v6

Tasks