Overview

overview

10

Static

static

8

jhazle doc...2.docm

windows7-x64

10

jhazle doc...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jhazle doc 09.26.2022.doc

  • Size

    865KB

  • Sample

    220926-wmgqsabfb2

  • MD5

    b1799c80394e1da12afd9f38d3293f90

  • SHA1

    3cef24ba7115e6f83071a4d951d189fc961d3337

  • SHA256

    e2ba042f4194826bed8a8ba388dd26755cb76d5e82811f86e418f377b6fc3791

  • SHA512

    99c3abc32a72f9a02dbf7831915f76e176aac71b9af16b6fa1de87f0d0fd8f5bfc5b570ed53b4bcad76d1afa32499a8d4a2235770378a6ff4c4020f16e32cb14

  • SSDEEP

    12288:g2VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DErPFhhhJ3sJAibNfI:rV2jUeQRI5wPN/wP1hJy/ZA

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      jhazle doc 09.26.2022.doc

    • Size

      865KB

    • MD5

      b1799c80394e1da12afd9f38d3293f90

    • SHA1

      3cef24ba7115e6f83071a4d951d189fc961d3337

    • SHA256

      e2ba042f4194826bed8a8ba388dd26755cb76d5e82811f86e418f377b6fc3791

    • SHA512

      99c3abc32a72f9a02dbf7831915f76e176aac71b9af16b6fa1de87f0d0fd8f5bfc5b570ed53b4bcad76d1afa32499a8d4a2235770378a6ff4c4020f16e32cb14

    • SSDEEP

      12288:g2VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DErPFhhhJ3sJAibNfI:rV2jUeQRI5wPN/wP1hJy/ZA

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks