icedid | f42c62d9eba4fffe26c0ee87116c53cc91610f98b9c3625819d60c8502b74986 | Triage

Submit
Reports

Overview

overview

Static

static

8

jnrcom fil...6.docm

windows7-x64

jnrcom fil...6.docm

windows10-2004-x64

Sharing

General

Target

jnrcom file 09.26.doc
Size

865KB
Sample

220926-x8yf4achhp
MD5

8e7bcbb33d896f70960bb5d86e0922ab
SHA1

9f9176c2b7d1f502bd2c41aa65d5a1f9d66a26f4
SHA256

f42c62d9eba4fffe26c0ee87116c53cc91610f98b9c3625819d60c8502b74986
SHA512

5635c0e2354c310731287c2768934a1c9e59c0d045df4a3ff1a07247213d5266953f48e106d4dc61d90bdd61c6f138550910136ba9c99adf23e714de4802e2e0
SSDEEP

12288:qVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DESSBdXn7f+GxZBT2Wcc:qV2jUeQRI5wPN/SHfHXT2WT

Score

10^/10

icedid 742081363 banker loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jnrcom file 09.26.docm

Resource

win7-20220812-en

icedid 742081363 banker trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

jnrcom file 09.26.docm

Resource

win10v2004-20220812-en

icedid 742081363 banker loader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

- Target
  
  jnrcom file 09.26.doc
- Size
  
  865KB
- MD5
  
  8e7bcbb33d896f70960bb5d86e0922ab
- SHA1
  
  9f9176c2b7d1f502bd2c41aa65d5a1f9d66a26f4
- SHA256
  
  f42c62d9eba4fffe26c0ee87116c53cc91610f98b9c3625819d60c8502b74986
- SHA512
  
  5635c0e2354c310731287c2768934a1c9e59c0d045df4a3ff1a07247213d5266953f48e106d4dc61d90bdd61c6f138550910136ba9c99adf23e714de4802e2e0
- SSDEEP
  
  12288:qVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DESSBdXn7f+GxZBT2Wcc:qV2jUeQRI5wPN/SHfHXT2WT
Score

10^/10

icedid 742081363 banker trojan loader
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid742081363bankertrojan

behavioral2

icedid742081363bankerloadertrojan

© 2018-2024

Terms | Privacy