icedid | 195ce62d8cec60bdcdf44de9ee93a174147f1decfe29768bf4a0383513b1ccb6 | Triage

Submit
Reports

Overview

overview

Static

static

8

61c0ce00f4...8.docm

windows7-x64

61c0ce00f4...8.docm

windows10-2004-x64

Sharing

General

Target

6b395162cb1adab40234d8a1aad61f59.bin
Size

1.3MB
Sample

230116-zm2bzadd28
MD5

5081a7c0f415a61b5c8f68a5c8d07307
SHA1

da9d5e92ecc4ea716a160684597e11b05eb9e628
SHA256

195ce62d8cec60bdcdf44de9ee93a174147f1decfe29768bf4a0383513b1ccb6
SHA512

27b6d960d2b8637078a18d3c693b94e421db4053ec1b8d7e5253d8d9c95d51caeb147698728f5bac9cba6c5f05dd3fc3ed1d66b201ce2b2f475cac81ddc6b2ad
SSDEEP

24576:YkoQRd2LfCdbSqmn5HIusKoF4xjfzuzG9ziqTVlHjI4jUmTTJY/b74KJkvm:YMPuyCHIuLoF4xjrZVlDIRmvqkvm

Score

10^/10

icedid 1212497363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

61c0ce00f478266efdf81501a794c80def1806bd4641618844c424185ff35fc8.docm

Resource

win7-20220901-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

61c0ce00f478266efdf81501a794c80def1806bd4641618844c424185ff35fc8.docm

Resource

win10v2004-20221111-en

icedid 1212497363 banker loader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

- Target
  
  61c0ce00f478266efdf81501a794c80def1806bd4641618844c424185ff35fc8.docm
- Size
  
  1.3MB
- MD5
  
  6b395162cb1adab40234d8a1aad61f59
- SHA1
  
  80a6d8c3c8e98946bdf94c0582442a295ca334cf
- SHA256
  
  61c0ce00f478266efdf81501a794c80def1806bd4641618844c424185ff35fc8
- SHA512
  
  3152828ac6564b180c0ea49b7b62c0f7fb56c43a6b8285fbf4c9a4ee4fd50d34757346913523653670984741668ea4502cb6b87f17f074a30ae22549c6b2231a
- SSDEEP
  
  24576:/00pJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDgG7EzqHm+BmcQ:/FpJmgf3zliFpprKqG+w
Score

10^/10

icedid 1212497363 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid1212497363bankerloadertrojan

© 2018-2024

Terms | Privacy