Overview

overview

10

Static

static

file.docm

windows7-x64

10

file.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.docm.zip

  • Size

    1.2MB

  • Sample

    220918-gdfpssagd5

  • MD5

    217f003ed3ba32b0f5df3e8c08460eff

  • SHA1

    f4fc619c58998dd136d8b096b69d60d06566dafa

  • SHA256

    2056b52f8c2f62e222107e6fb6ca82708cdae73a91671d40e61aef8698e3e139

  • SHA512

    c797a5dc76161ec0d5e07d78fd459004d1c36487c6b0f8eef5caef5102a4124640d8797c30127fd1d2ea1cb674bb9851a86df9405577b476109edb71df720cfc

  • SSDEEP

    24576:CLJSlW2Oo6wewLPhHI38vYbiMefcVKFCk0RbtJ8wVpaIeOmZKAIIy7nQvx:CLJSlh6SLPhosvmSf+KCbcEsIyKAIznq

Score
10/10
icedid809191839bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

809191839

Extracted

Family

icedid

Campaign

809191839

C2

allozelkot.com

Targets

    • Target

      file.docm.zip

    • Size

      1.2MB

    • MD5

      217f003ed3ba32b0f5df3e8c08460eff

    • SHA1

      f4fc619c58998dd136d8b096b69d60d06566dafa

    • SHA256

      2056b52f8c2f62e222107e6fb6ca82708cdae73a91671d40e61aef8698e3e139

    • SHA512

      c797a5dc76161ec0d5e07d78fd459004d1c36487c6b0f8eef5caef5102a4124640d8797c30127fd1d2ea1cb674bb9851a86df9405577b476109edb71df720cfc

    • SSDEEP

      24576:CLJSlW2Oo6wewLPhHI38vYbiMefcVKFCk0RbtJ8wVpaIeOmZKAIIy7nQvx:CLJSlh6SLPhosvmSf+KCbcEsIyKAIznq

    Score
    10/10
    icedid809191839bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks