General

  • Target: 4641a209abf345445c48a8444e384b42.bin
  • Size: 1.3MB
  • Sample: 230116-ytcfracf69
  • MD5: ef4fd3867580752d04f819dc8c7e20e6
  • SHA1: 8d13066000570616452b812f4b3a722c344e183e
  • SHA256: 534f62a782c2004d2f187f8bfb460fc98154805cd822603759d4beaa7c8a41e3
  • SHA512: 47bbe853c4965fae2fb79528c2100196c12e2b019c1edfec8cec18421c9b2720411e7bbe83e18dcf8d04cf9d28732e4429d4b53d5847d1ec5712aa9d90b05ba9
  • SSDEEP: 24576:uAP31R0oa7CQsAmwB+27vxAuQq94vgCQgvieswzkW3b99ZxZsou1h30nsR29mAmi:uAf8oa2QsRwz7vxAFqW4CjKeswzv3bpl

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1212497363
  • C2: trbiriumpa.com

Targets

    • Target: cdeb995aa0014da04d86e84c40524ab2f45ce63ef7f3ce9fce04284e14faff2e.docm
    • Size: 1.3MB
    • MD5: 4641a209abf345445c48a8444e384b42
    • SHA1: f3e93c658c38274ff92a5855a913e0d5c9798479
    • SHA256: cdeb995aa0014da04d86e84c40524ab2f45ce63ef7f3ce9fce04284e14faff2e
    • SHA512: dfa8532fa646d2e857da33d619466c5a4441c74b8f39e074b1a441aac6a20c5382af1b342d509993cff31ee8c850bb56d350823f9b9a980185d7f1938c348411
    • SSDEEP: 24576:/bpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRD/G7EzqHm+Bmce:/bpJmgf3zliFppcKqG++

    Signatures

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL
