Overview

overview

10

Static

static

8

k-mpw docu...2.docm

windows7-x64

10

k-mpw docu...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    k-mpw document 09.26.22.doc

  • Size

    865KB

  • Sample

    220926-v3pwnacfbm

  • MD5

    c35884ae9c17e0e8a3d92cbfaf1dd838

  • SHA1

    323b683e1647ac929fc8bd6f36711f469817f25f

  • SHA256

    4aed84df96bdbf16a4f5b4c2a195e9384b891b35328108aae8f3243a50e3dc25

  • SHA512

    1023e57f4688f30c83c678222032df5c116d2856991bfb111c1ef7531dae84894f7dc864a2fa0560e294d866723f1553deca041065e89f524249877230ceba3e

  • SSDEEP

    12288:UwVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEC0yuhh/S0cOxtUB:TV2jUeQRI5wPN/ah60Bs

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      k-mpw document 09.26.22.doc

    • Size

      865KB

    • MD5

      c35884ae9c17e0e8a3d92cbfaf1dd838

    • SHA1

      323b683e1647ac929fc8bd6f36711f469817f25f

    • SHA256

      4aed84df96bdbf16a4f5b4c2a195e9384b891b35328108aae8f3243a50e3dc25

    • SHA512

      1023e57f4688f30c83c678222032df5c116d2856991bfb111c1ef7531dae84894f7dc864a2fa0560e294d866723f1553deca041065e89f524249877230ceba3e

    • SSDEEP

      12288:UwVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEC0yuhh/S0cOxtUB:TV2jUeQRI5wPN/ah60Bs

    Score
    10/10
    icedid742081363bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks