General

  • Target

    nntcinvoice09.26.doc

  • Size

    866KB

  • Sample

    220926-xcbmfschbm

  • MD5

    a950f27b577e9c0ca10048248c81637a

  • SHA1

    5d53103a58c6f3de33baf24a42a9ea582e82ba9a

  • SHA256

    96f4b5d7a36e0beb974712736292680ab6371df4c167914fe6570fbbabf19aa0

  • SHA512

    aa7a2a1f6fba7929cb4b35d69561e064563b206587f373c4f44dd86c01fe6ee25a0ed549b274aca80536dc90794c6f226b80639d579c2e0666b21f0b39793858

  • SSDEEP

    12288:zVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE1mo/az5B9c6dH:zV2jUeQRI5wPN/Bo/m5B9cC

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    742081363

  • C2

    scainznorka.com

Targets

    • Target

      nntcinvoice09.26.doc

    • Size

      866KB

    • MD5

      a950f27b577e9c0ca10048248c81637a

    • SHA1

      5d53103a58c6f3de33baf24a42a9ea582e82ba9a

    • SHA256

      96f4b5d7a36e0beb974712736292680ab6371df4c167914fe6570fbbabf19aa0

    • SHA512

      aa7a2a1f6fba7929cb4b35d69561e064563b206587f373c4f44dd86c01fe6ee25a0ed549b274aca80536dc90794c6f226b80639d579c2e0666b21f0b39793858

    • SSDEEP

      12288:zVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE1mo/az5B9c6dH:zV2jUeQRI5wPN/Bo/m5B9cC

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks