General

  • Target: midday-invoice-09.26.22.doc
  • Size: 866KB
  • Sample: 220926-v3pwnabeb3
  • MD5: b6debba043c77e3ff010ad5c197a8d3c
  • SHA1: a05522b3ac8efcd36c0248a9164dd0c1a9f1e456
  • SHA256: 1c54e6547719dd745928ee44e318e98f4b9e5603f70648c53f8efe3587e7c6bf
  • SHA512: 93f8cb87906b96d67954008cb49f89b7bebf8b7347ddf749b15cb707db750961b867d072cb9a565c13e4be8c21fd0f7a9d98eb3984447556bd0ddcf5d08b631c
  • SSDEEP: 12288:h3wfVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEGv6U0DDK2HiFH6dyf:FaV2jUeQRI5wPN/ZiUiDKiy6gf

Malware Config

Extracted

  • Family: icedid
  • Campaign: 742081363

Extracted

  • Family: icedid
  • Campaign: 742081363
  • C2: scainznorka.com

Targets

    • Target: midday-invoice-09.26.22.doc
    • Size: 866KB
    • MD5: b6debba043c77e3ff010ad5c197a8d3c
    • SHA1: a05522b3ac8efcd36c0248a9164dd0c1a9f1e456
    • SHA256: 1c54e6547719dd745928ee44e318e98f4b9e5603f70648c53f8efe3587e7c6bf
    • SHA512: 93f8cb87906b96d67954008cb49f89b7bebf8b7347ddf749b15cb707db750961b867d072cb9a565c13e4be8c21fd0f7a9d98eb3984447556bd0ddcf5d08b631c
    • SSDEEP: 12288:h3wfVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEGv6U0DDK2HiFH6dyf:FaV2jUeQRI5wPN/ZiUiDKiy6gf

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks