Overview

overview

10

Static

static

8

e85b452445...1.docm

windows7-x64

10

e85b452445...1.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fccecb0deb25755fb7d60be2d42c7d24.bin

  • Size

    1.3MB

  • Sample

    230117-kc625sda28

  • MD5

    22423170248380d4294c67506feb5818

  • SHA1

    2026eb108d545bb6ba1f663fa872fcd9926812c1

  • SHA256

    8cdba556506f4d95f0b81f2def0b27b65e82d4f2e2b3df05ca5e1f7d8b127c14

  • SHA512

    f71c6771c16184b5f73edd51ea9dc40379a2f9bc7895acdcc06865d70a191fd855acc1ca480ea1a0f3d180d1a2e9dfcfbd5beabdae6c0bee6d9fe1662dda7abf

  • SSDEEP

    24576:339HJ4TjmFXsLlfpZ3HbG9Kwsos9hpAL8ILObC6O0z986UvLoLdE3BiKeT:8TiWL3Z3HAKQeHm3619BIs5oiB

Score
10/10
icedid1212497363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

1212497363

C2

trbiriumpa.com

Targets

    • Target

      e85b452445ae19e8a458921c6e14d2c2697e003056f10ae49ab18b969f6aa821.docm

    • Size

      1.3MB

    • MD5

      fccecb0deb25755fb7d60be2d42c7d24

    • SHA1

      73b865be51b0577a83168ca76df125615d31b07a

    • SHA256

      e85b452445ae19e8a458921c6e14d2c2697e003056f10ae49ab18b969f6aa821

    • SHA512

      8a778b523f0a54ca0e0c6396e4d4471189bc1e0f69e84462a05b554d87a0a316d7c81991898b09dd5034571821b09267506e70eb55388c887915c64b04d2b315

    • SSDEEP

      24576:/rlpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDNG7EzqHm+BmcW:/5pJmgf3zliFppmKqG+2

    Score
    10/10
    icedid1212497363bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks