General

  • Target

    mobiletel.document.09.26.22.doc

  • Size

    866KB

  • Sample

    220926-yr4gfsbhe5

  • MD5

    0c790ade0e13967f93beb4d2026f7cf2

  • SHA1

    f45c50bf7431bda1d1687030910181bc6acc9252

  • SHA256

    1630d71da594875c9aa1fd50a955a8adfe02a3bb54d1aa610873cec89ca32911

  • SHA512

    28ee7a9237106d85e739f6ba929de1975ea32404a33562b6debd9e315c0d1770eb87150fb50f2fbb9490a40915f6aa33241db0f5f352148ec64d434fd3795352

  • SSDEEP

    12288:nmXVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEQHAgz5PprKMmD:4V2jUeQRI5wPN/uU5xuMmD

Malware Config

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
