General

  • Target

    mpbronko.file.09.26.2022.doc

  • Size

    866KB

  • Sample

    220926-w4bk4acgdr

  • MD5

    4665978b0c385746634e837308b07830

  • SHA1

    bb9457fa419c8970eafb857482f3ce6db12381bb

  • SHA256

    58ce514c8b740fdfe115bc19d65ed5e2f8d0df045cdd4e5611ec213382a56e3b

  • SHA512

    2d292549fe138387e67bce1d5ef092c18176a4f50f46341bb4f6b8979ed15327f2a3a1237f90084a73a9f9e44f2bb321b42e71be2398f701a0f8a0aaa0721452

  • SSDEEP

    12288:70VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DErLpcZJWWDuBhFg:gV2jUeQRI5wPN/w9cZzq/Fg

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      mpbronko.file.09.26.2022.doc

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6
