icedid | 6cf4b6897928f8630040e5cb5db66fc6b979be1d3b8849986db9f0ac5bef1b84 | Triage

Submit
Reports

Overview

overview

Static

static

8

nckcn-invo...2.docm

windows7-x64

nckcn-invo...2.docm

windows10-2004-x64

Sharing

General

Target

nckcn-invoice-09.26.22.doc
Size

866KB
Sample

220926-wkqwnsbeh8
MD5

d7ea47bbb034c9490a465863e8bb4b04
SHA1

b3a9e5e6e12c5a59b8bd3d3323a497661d79e783
SHA256

6cf4b6897928f8630040e5cb5db66fc6b979be1d3b8849986db9f0ac5bef1b84
SHA512

bd9dd7666d332d25aecf50a90325208b4aa5546c5babbc6ce29fd518f0107d5614ca7d346c9603e3bbc62973abf0cbebd5fdb77a5517a0fe874e883a4b9a4463
SSDEEP

12288:EZk9KVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE54gb9orp/G7obL/PXSE:vKV2jUeQRI5wPN/AZb9oBGsnPXSYqaiy

Score

10^/10

icedid 742081363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nckcn-invoice-09.26.22.docm

Resource

win7-20220812-en

icedid 742081363 banker trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

nckcn-invoice-09.26.22.docm

Resource

win10v2004-20220812-en

icedid 742081363 banker loader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

- Target
  
  nckcn-invoice-09.26.22.doc
- Size
  
  866KB
- MD5
  
  d7ea47bbb034c9490a465863e8bb4b04
- SHA1
  
  b3a9e5e6e12c5a59b8bd3d3323a497661d79e783
- SHA256
  
  6cf4b6897928f8630040e5cb5db66fc6b979be1d3b8849986db9f0ac5bef1b84
- SHA512
  
  bd9dd7666d332d25aecf50a90325208b4aa5546c5babbc6ce29fd518f0107d5614ca7d346c9603e3bbc62973abf0cbebd5fdb77a5517a0fe874e883a4b9a4463
- SSDEEP
  
  12288:EZk9KVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE54gb9orp/G7obL/PXSE:vKV2jUeQRI5wPN/AZb9oBGsnPXSYqaiy
Score

10^/10

icedid 742081363 banker trojan loader
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid742081363bankertrojan

behavioral2

icedid742081363bankerloadertrojan

© 2018-2024

Terms | Privacy