Overview

overview

10

Static

static

8

adjure.04....1.docm

windows7-x64

4

adjure.04....1.docm

windows10-2004-x64

6

jaazci2.dll

windows7-x64

1

jaazci2.dll

windows10-2004-x64

1

leftTitleRepo.dll

windows7-x64

10

leftTitleRepo.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65dc9f50ea56438fb056a7d5c6a3f0d60f746562a41cb036ce2e34de44039de2

  • Size

    1.6MB

  • Sample

    240313-ykn37aee41

  • MD5

    d36553fb4c3261800b5a06107a15b3bf

  • SHA1

    ba0194ead229fa5ee156112f9754f3ae6b9498d4

  • SHA256

    65dc9f50ea56438fb056a7d5c6a3f0d60f746562a41cb036ce2e34de44039de2

  • SHA512

    813925a5fbc4337526607592d9c8e97e24cafc26576ad7a1bfef7b8b0255418c50022270a102304be3b878233a7714408ed316785ef1d63ffe7e78383eadc8e9

  • SSDEEP

    49152:463ft6vjuNVJMl5+BNa9OaCyHo9pBZ6A/P1bdbN:4u6juNVJMl5+BN6FCDbBZ6A/PDR

Score
10/10
icedid3025732026bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

3025732026

C2

desazasilkor.top

Targets

    • Target

      adjure.04.30.2021.doc

    • Size

      76KB

    • MD5

      9749a2caec0f624162f5face69dee4b6

    • SHA1

      fb2135c7ca8b93a84a5e42fe4d6b844c21b7936c

    • SHA256

      b3dbdf013c494dc354374a50e95635d53d2dabfc59527a17a5f104e8deb07554

    • SHA512

      29ac52a776927704ca72e5c26d1dbfce9bc8218371efb30f847b94714460816bcd8953d141dfdeaa9f31a6d2a879a302f2498edfb4aad2adcd927571bdb744c0

    • SSDEEP

      1536:jTcpJQrigxDjV+l0rM81NCGCPisEHOAq4eyO6i1itW7YUvOMkksCLlg33h:jyJQe6nnrxRCPdYZuyL3t5UmMkkoHh

    Score
    6/10

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

    • Target

      jaazci2.dll

    • Size

      47KB

    • MD5

      b6451a4daa6c2eb8d8900e60a3abcc27

    • SHA1

      b32f6d53eab87a178c059a5c1bdfbf11d76b9146

    • SHA256

      9164570c7f50fe724aaeffeb1a30b3531053f17ab805cf85a780102335dbdde3

    • SHA512

      282092e0d62065c5023c2720c80f32c2fd568cae24791173248662d0e2d3db55732275b8a9fa89dcd73d6c6f3a54ec980e6db8bbb2dcb91d2b9510c202aa55eb

    • SSDEEP

      768:dZ+kEL8Bt5WdLdPcN+OiV/5pMY6gjPREPhfSog+L+1AgXJpF6T:dZvEL8+RPfNVn6gjJ05W17XY

    Score
    1/10
    behavioral3behavioral4

    • Target

      leftTitleRepo.jpg

    • Size

      55KB

    • MD5

      0d366e2470025a3bd66baa22c6aa78df

    • SHA1

      45e57932f502b4658546d626b76b93a5136c0239

    • SHA256

      2f20a4b32df2bcdd3a013998c40079a021e42203b0f7d44cdc85c8ab8689c5b0

    • SHA512

      fe243d4f28b287c262b72598b4cb76451637dd76486428e84e2ffd99d03af2f8666833addf6dd9e6dda1744b688bb8c6634e74c90815432ce275e47fb69b9c45

    • SSDEEP

      768:Pn8Sg0+bpDPQPqxBtfQqxonY1rCsxPbEBJHVpEyVfkgAv36HAV1Mb7nTaqx:kDtEQBaQoSPIB5evK6qbna8

    Score
    10/10
    icedid3025732026bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks