Overview

overview

10

Static

static

8

manifestad...2.docm

windows7-x64

10

manifestad...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    manifestadventure invoice 09.26.2022.doc

  • Size

    867KB

  • Sample

    220926-wj7g2acfhl

  • MD5

    e9d1cfdbc9395de2b84a4ed5094a1797

  • SHA1

    8bafd22f6140314c62f5e75b5d8360c59fa889b7

  • SHA256

    578a35e36d8e6a9328cec388852679bac9c7fc9d1cb60a6350ebd9f6a65cc563

  • SHA512

    a52733134d5b072151745fec7e4c5b4d1805f4e1bdb4283cde837bf447b830a605f8d7d178133f0357d9b69d0d812a10d3a7a01474b4eb2b678f13c182deb48b

  • SSDEEP

    12288:MDLVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsIRlvHfzP6:MvV2jUeQRI5wPN/1IXHm

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      manifestadventure invoice 09.26.2022.doc

    • Size

      867KB

    • MD5

      e9d1cfdbc9395de2b84a4ed5094a1797

    • SHA1

      8bafd22f6140314c62f5e75b5d8360c59fa889b7

    • SHA256

      578a35e36d8e6a9328cec388852679bac9c7fc9d1cb60a6350ebd9f6a65cc563

    • SHA512

      a52733134d5b072151745fec7e4c5b4d1805f4e1bdb4283cde837bf447b830a605f8d7d178133f0357d9b69d0d812a10d3a7a01474b4eb2b678f13c182deb48b

    • SSDEEP

      12288:MDLVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsIRlvHfzP6:MvV2jUeQRI5wPN/1IXHm

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks