General

  • Target

    ncsforallinvoice09.26.2022.doc

  • Size

    866KB

  • Sample

    220926-v7p28abeb8

  • MD5

    88cc02f7d1dbe75e22c8c7eddb01f5dd

  • SHA1

    2dd7c4a231acf2b0a189038e3d3e4b86d28122fd

  • SHA256

    4de986bc1d553823577929819c03ee508e911384119ebdb1f0d8cb190a7e381e

  • SHA512

    258bec4d61a8079d15cd78028730ae96d0d2112e0b730034741075c6eae0ff364befb73b1219b5eb8e468d3a935d5ee5b691ca2e564d354c885cacd5f7342aae

  • SSDEEP

    12288:OJVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEMsy69d/+CEz5w6hteci3:OJV2jUeQRI5wPN/tsyP15Xi3

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      ncsforallinvoice09.26.2022.doc

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
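The three behaviour signatures above (an Office parent spawning an unexpected child, a blocklisted process making a network request, a dropped DLL being loaded) and the extracted C2 domain are the pieces a responder would turn into host detections. The following is an added example, not code from the report or from the sandbox vendor, that implements that logic over Sysmon-shaped events. Only the C2 domain scainznorka.com and the sample SHA256 come from the report; the event records, the process and file names in them, and the lists of "suspicious" parents, children and network-originating processes are constructed assumptions chosen to exercise the rules.

```python
"""Added example: host-side detection of the sandbox signatures in this report.
Only C2_DOMAINS and SAMPLE_SHA256 come from the report; every event below is
CONSTRUCTED and does not describe what the real sample did.
"""
import hashlib

# Indicators taken from the report.
C2_DOMAINS = {"scainznorka.com"}
SAMPLE_SHA256 = "4de986bc1d553823577929819c03ee508e911384119ebdb1f0d8cb190a7e381e"

# Assumptions (not stated by the report): which process relationships and
# which network-originating binaries are treated as suspicious.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
BLOCKLISTED_NET = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "powershell.exe"}


def basename(path):
    """Lower-cased file-name component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_reported_sample(data):
    """True when the given bytes hash to the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def detect(events):
    """Run the signature logic over Sysmon-shaped event dicts.

    EventID 1 = process create, 3 = network connect, 7 = image load,
    11 = file create, 22 = DNS query. Returns a list of (signature, detail).
    """
    alerts = []
    dropped = {}  # lower-cased path of every file created during the run -> creator
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                alerts.append(("process_spawned_unexpected_child", f"{parent} -> {child}"))
        elif eid == 11:
            dropped[ev["TargetFilename"].lower()] = basename(ev["Image"])
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            # "Loads dropped DLL": a module that was written to disk earlier in this run.
            if loaded in dropped and loaded.endswith(".dll"):
                alerts.append(("loads_dropped_dll",
                               f"{basename(ev['Image'])} loaded {loaded} (dropped by {dropped[loaded]})"))
        elif eid == 3:
            proc = basename(ev["Image"])
            if proc in BLOCKLISTED_NET:
                alerts.append(("blocklisted_process_network_request",
                               f"{proc} -> {ev['DestinationIp']}:{ev['DestinationPort']}"))
        elif eid == 22:
            qname = ev["QueryName"].lower().rstrip(".")
            if qname in C2_DOMAINS or any(qname.endswith("." + d) for d in C2_DOMAINS):
                alerts.append(("icedid_c2_domain", f"{basename(ev['Image'])} resolved {qname}"))
    return alerts


# Constructed event stream shaped like a macro-to-loader chain. Nothing here is
# recorded from the actual sample; it only exercises the rules above.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe"},
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\Public\loader.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\Public\loader.dll"},
    {"EventID": 22, "Image": r"C:\Windows\System32\rundll32.exe", "QueryName": "scainznorka.com"},
    {"EventID": 3, "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": 443},
    # Benign noise: Word loading a system DLL and a browser doing an unrelated lookup.
    {"EventID": 7, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "QueryName": "example.com"},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"[{sig}] {detail}")
```

The file-create map is what makes "loads dropped DLL" specific: loading a DLL from a user-writable directory is common for legitimate installers, but loading one that was written during the same execution by an Office process is not. The DNS rule also matches subdomains of the C2 host, since IcedID configs commonly rotate hostnames under one apex.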

MITRE ATT&CK Enterprise v6

Tasks