Overview

overview

10

Static

static

8

alfordauto...8.docm

windows7-x64

10

alfordauto...8.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    alfordauto_file_09.28.doc

  • Size

    865KB

  • Sample

    220928-sdg4eahdcl

  • MD5

    83403249d80c0b07d430a7cb9f6014e0

  • SHA1

    b1315c971f5e2f60ec94720663a64dd7f15ba95d

  • SHA256

    cccd5cabe6c297fe66bbf2db5d1c9f9d0afef3a2c6a09738b79ad066ae98e23b

  • SHA512

    88a1ca8528d6afc2bcd8cac66ad86d51925b2d90341ab8428a65fde3ab1ec5d42165ca5f285f122e832ca9726cd070082021ade78c6abc1aef0dc5fdbbaa4273

  • SSDEEP

    12288:xNXgVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEh0y8aR3skQymOxtUo:xNXgV2jUeQRI5wPN/jS//

Score
10/10
icedid742081363bankerloadermacrotrojan

Malware Config

Extracted

Family

icedid

Campaign

742081363

Extracted

Family

icedid

Campaign

742081363

C2

scainznorka.com

Targets

    • Target

      alfordauto_file_09.28.doc

    • Size

      865KB

    • MD5

      83403249d80c0b07d430a7cb9f6014e0

    • SHA1

      b1315c971f5e2f60ec94720663a64dd7f15ba95d

    • SHA256

      cccd5cabe6c297fe66bbf2db5d1c9f9d0afef3a2c6a09738b79ad066ae98e23b

    • SHA512

      88a1ca8528d6afc2bcd8cac66ad86d51925b2d90341ab8428a65fde3ab1ec5d42165ca5f285f122e832ca9726cd070082021ade78c6abc1aef0dc5fdbbaa4273

    • SSDEEP

      12288:xNXgVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEh0y8aR3skQymOxtUo:xNXgV2jUeQRI5wPN/jS//

    Score
    10/10
    icedid742081363bankertrojanloader

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks