General

  • Target: kingwoodcable-document-09.26.doc
  • Size: 867KB
  • Sample: 220926-v7p28abeb9
  • MD5: 0ef1a9a3a21786ecfa41b2dde315f262
  • SHA1: 721205a2bbe8bcdadc17dfd4fbb1f724642a1206
  • SHA256: 7fc1d7ba1c77dc2d93a982ea92db6c81d2af658d5ba5116c7167fa82614d114b
  • SHA512: 522007c6f0f85452c427ba3b70960a1078a7627880e286df1d08d13f54902ed2f5d5e58a7b74c32653d527ba78039653c96a8fba6f29c5654743273a357f1cb6
  • SSDEEP: 12288:20uVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE5fHhmuVOkGnCNl+lmqej:20uV2jUeQRI5wPN/UBmZDd6

Malware Config

Extracted

  • Family: icedid
  • Campaign: 742081363

  • C2: scainznorka.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks