General

  • Target

    dodsonimaging,file,08.11.2022.doc

  • Size

    2.2MB

  • Sample

    220811-snfnbsbae8

  • MD5

    db11828aed458eccfab30c367bc1bb2f

  • SHA1

    3487931f130485c82d21e9ef4155af0a8fd46c33

  • SHA256

    d297f78ca4fc35e899792260c98f752947f7d6b5999650a6210f4a8538a2e655

  • SHA512

    912a9d23b444a26ee176777d5be88c6a58a3cbf85864d3e09a3a497bcd3858764f8a9b318ddb8c314eb5e521a6a59ebcf88842cd3d7f9ed6f87ab7d192a12513

Malware Config (extracted)

  • Family

    icedid

  • Campaign

    3570055661

  • C2

    alexbionka.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks