General

  • Target

    laughingchickenfarm,doc,09.26.22.doc

  • Size

    867KB

  • Sample

    220926-x8yf4abha6

  • MD5

    5de660dafdc6d7e701302c7d6f015b93

  • SHA1

    b4c2328185b0ca336788bf853f4eb35c1d986bf8

  • SHA256

    1965899f73d123cc4f4cd43f8678e3e98a60ef8b3d079e424619e06d58fd6824

  • SHA512

    90baa061f60ad751c72cf5fe9b75a9d08c94e6916aae8a1c36b27d11f06645c615546069fb448b14b53044318ea0a1f75733fa83f25a34fe8aec2748dac06452

  • SSDEEP

    12288:0WhVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEoxM/KD3XA4k:0WhV2jUeQRI5wPN/2KD3w4k

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks