Overview

overview

10

Static

static

8

nmengle fi...6.docm

windows7-x64

10

nmengle fi...6.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nmengle file 09.26.doc

  • Size

    866KB

  • Sample

    220926-v7rk2scfcq

  • MD5

    55ec488475bc3d6674d855bd343df59f

  • SHA1

    78e16786106461c4883d6017223ebb144ceb095e

  • SHA256

    563eba169c321af25eeefb52a0adaac9fc7006d1e8712ca2e4de6937ecef2e07

  • SHA512

    98cc3b654559166e873950e6378350d7a666857826c812003a4482472a04a872f403e1e7c28f63dd00944aacc4b662306a22f59a043295af81e77133ac120de8

  • SSDEEP

    12288:pVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEHHHNxZp/G7ob39AMm2:pV2jUeQRI5wPN/2HrGsT9AMm2

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      nmengle file 09.26.doc

    • Size

      866KB

    • MD5

      55ec488475bc3d6674d855bd343df59f

    • SHA1

      78e16786106461c4883d6017223ebb144ceb095e

    • SHA256

      563eba169c321af25eeefb52a0adaac9fc7006d1e8712ca2e4de6937ecef2e07

    • SHA512

      98cc3b654559166e873950e6378350d7a666857826c812003a4482472a04a872f403e1e7c28f63dd00944aacc4b662306a22f59a043295af81e77133ac120de8

    • SSDEEP

      12288:pVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEHHHNxZp/G7ob39AMm2:pV2jUeQRI5wPN/2HrGsT9AMm2

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks