General

  • Target: linkkerz doc 09.26.22.doc
  • Size: 867KB
  • Sample: 220926-v8ac6acfdl
  • MD5: 413eac826de2f8b0dc1ce1fca00456d6
  • SHA1: a66bf80b7c875e3a4814a20966def67978594425
  • SHA256: e0f330fce3d6e226cc531b6b943a3ca33e81ee683f3068d0ae5a8e7553e20df2
  • SHA512: c021d1e7f85b1b26794d418c74e122f4280d493caa57d1184d0586ebfe1c7c84d89cb0140fe1c12ae2c55d0208968c49be53ec54329253c9f6a0ea65f1232c4e
  • SSDEEP: 12288:HVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE7M/7lT/+TeD:HV2jUeQRI5wPN/jx+8

Malware Config

Extracted

  • Family: icedid
  • Campaign: 742081363

Extracted

  • Family: icedid
  • Campaign: 742081363
  • C2: scainznorka.com

Targets

    • Target

      linkkerz doc 09.26.22.doc

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks