Overview

overview

10

Static

static

8

johnsonpre...2.docm

windows7-x64

10

johnsonpre...2.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    johnsonprewitt.doc.09.26.22.doc

  • Size

    865KB

  • Sample

    220926-ws6l4acgbl

  • MD5

    f1b461547f3468c1778c0aa5fbe659a2

  • SHA1

    b0a6659cffa96b61cb489ff494bcbe0a765792c9

  • SHA256

    151e6e9aaffbc08ecaaba6feee9868708a69a686d67a64af41f749a05c1fa220

  • SHA512

    2031471f24b9f460ad363fa7ee6a07bed9f98eb76dff6d6ef4a9bc08193918968b82007bb9597eb18aac4a7227c533cc6b7a7a5419578b02af4fcf51ebaa0f78

  • SSDEEP

    12288:EVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsnjPTx7trGxzFZjFDGO:EV2jUeQRI5wPN/RjVtr+ZHKO

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      johnsonprewitt.doc.09.26.22.doc

    • Size

      865KB

    • MD5

      f1b461547f3468c1778c0aa5fbe659a2

    • SHA1

      b0a6659cffa96b61cb489ff494bcbe0a765792c9

    • SHA256

      151e6e9aaffbc08ecaaba6feee9868708a69a686d67a64af41f749a05c1fa220

    • SHA512

      2031471f24b9f460ad363fa7ee6a07bed9f98eb76dff6d6ef4a9bc08193918968b82007bb9597eb18aac4a7227c533cc6b7a7a5419578b02af4fcf51ebaa0f78

    • SSDEEP

      12288:EVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsnjPTx7trGxzFZjFDGO:EV2jUeQRI5wPN/RjVtr+ZHKO

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks