General
-
Target
question_11.30.2020.doc
-
Size
108KB
-
Sample
201130-2yf9ftdvn6
-
MD5
5890f8143e28215e355ffaba5dd20f93
-
SHA1
cdf4cfdb01b467c803c5d3f3daedab9b84df8ea9
-
SHA256
d62a85f68f6936093213ffef4212e50d60c85a75690edf997b9c7ee3765c8ba5
-
SHA512
f0a8286492541f518f9838ac20198d4fb372df5ab1bb1d95b6b1f447cb5d50747015eabc9b7af0eda68569d088e62b13d4fc9b782f0b17e66b55a45f9d241981
Malware Config
Targets
-
-
Target
question_11.30.2020.doc
-
Size
108KB
-
MD5
5890f8143e28215e355ffaba5dd20f93
-
SHA1
cdf4cfdb01b467c803c5d3f3daedab9b84df8ea9
-
SHA256
d62a85f68f6936093213ffef4212e50d60c85a75690edf997b9c7ee3765c8ba5
-
SHA512
f0a8286492541f518f9838ac20198d4fb372df5ab1bb1d95b6b1f447cb5d50747015eabc9b7af0eda68569d088e62b13d4fc9b782f0b17e66b55a45f9d241981
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-