Overview

overview

10

Static

static

8

nckcn-docu...2.docm

windows7-x64

10

nckcn-docu...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nckcn-document-09.26.22.doc

  • Size

    865KB

  • Sample

    220926-v1eynsbea2

  • MD5

    3a885f1ec285d39dec2265905553a794

  • SHA1

    b2a3efe01e29b0156e195266cb8c156c234fee7f

  • SHA256

    a586f7e99af6232f33d3b7971f4c3107c9f45d086e18a29314c082b84d332d34

  • SHA512

    2a9db0cda300345d07f1c944c3aa6cb9564c694826a4b34c1242c91dd98a60d8474b9a2402e5cff8b844e47bfe9e1d3365b20a41e31dc2538e3c4b23d389bb87

  • SSDEEP

    12288:e7D1QZVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEnJASz5I9f8h6dw:CD1IV2jUeQRI5wPN/g2e5W8h5

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      nckcn-document-09.26.22.doc

    • Size

      865KB

    • MD5

      3a885f1ec285d39dec2265905553a794

    • SHA1

      b2a3efe01e29b0156e195266cb8c156c234fee7f

    • SHA256

      a586f7e99af6232f33d3b7971f4c3107c9f45d086e18a29314c082b84d332d34

    • SHA512

      2a9db0cda300345d07f1c944c3aa6cb9564c694826a4b34c1242c91dd98a60d8474b9a2402e5cff8b844e47bfe9e1d3365b20a41e31dc2538e3c4b23d389bb87

    • SSDEEP

      12288:e7D1QZVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEnJASz5I9f8h6dw:CD1IV2jUeQRI5wPN/g2e5W8h5

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks