Overview

overview

10

Static

static

suddenlink...2.docm

windows7-x64

4

suddenlink...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    suddenlinkfile08.11.2022.doc

  • Size

    2.3MB

  • Sample

    220811-s4rqjabcg9

  • MD5

    3b6a5f7e4f048cb005496243fe2a019e

  • SHA1

    a2f68a276e0b18cb1f11745d9046f4ffa1b1a428

  • SHA256

    e9258541a5c96fcacb6a2ce349282db7e9403a16fa9f952e8f1f69929dda7abc

  • SHA512

    f8e777ebbf8ef85d0299552f8580adf97af8eb236fd94f998c47417369bebbfeb54882ca34dcd60c9444cc4624fa0f8d8f32c8037abe29dd50a0b6f478c842f1

Score
10/10
icedid3570055661bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3570055661

C2

alexbionka.com

Targets

    • Target

      suddenlinkfile08.11.2022.doc

    • Size

      2.3MB

    • MD5

      3b6a5f7e4f048cb005496243fe2a019e

    • SHA1

      a2f68a276e0b18cb1f11745d9046f4ffa1b1a428

    • SHA256

      e9258541a5c96fcacb6a2ce349282db7e9403a16fa9f952e8f1f69929dda7abc

    • SHA512

      f8e777ebbf8ef85d0299552f8580adf97af8eb236fd94f998c47417369bebbfeb54882ca34dcd60c9444cc4624fa0f8d8f32c8037abe29dd50a0b6f478c842f1

    Score
    10/10
    icedid3570055661bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks