General

  • Target: mobiletel,invoice,09.26.doc
  • Size: 866KB
  • Sample: 220926-v7p28abeb7
  • MD5: ead051e0a45b60951aa9d9ea533f7da1
  • SHA1: 48ed684356f2eb973a0bec5a35795d8ea227d150
  • SHA256: 8fe36ce43919ed3d512c9d988fab6051be4e5ca61a1243807522374830f2792c
  • SHA512: 6e9f541fd8c2d7799d1c0d0e0c87b20a817c0ac5c1a948f78983693b79bf126e879e1e6ac0475f88ba6a8bb03d86a3e3044648e6475e0ecf17e9de34eb40712c
  • SSDEEP: 12288:tuVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DElYjfH2Szv4b1nsmbvDxl:tuV2jUeQRI5wPN/u0fHZzKsmJl

Malware Config

Extracted

  • Family: icedid
  • Campaign: 742081363
  • C2: scainznorka.com

Targets

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks