General
-
Target
input 11.20.doc
-
Size
107KB
-
Sample
201130-5lesh7tewn
-
MD5
db1fedab1db9d6114559872167abc6bd
-
SHA1
f7a91a37b1673d1cbffef8d13b50f7c2ce8d7d00
-
SHA256
88e9c10fc899458ecc1bec05b4c7f0cbbd2ccf130135555fa19a5ab949a340a6
-
SHA512
065c225b48a399a7d0a4f24956b57bb801e61368181a8d7e84a8796b44b57b36e9aaa0d29609a0b3c87d9f28bff6edc4f86b26e7967149d36f46f983035f5b3e
Malware Config
Targets
-
-
Target
input 11.20.doc
-
Size
107KB
-
MD5
db1fedab1db9d6114559872167abc6bd
-
SHA1
f7a91a37b1673d1cbffef8d13b50f7c2ce8d7d00
-
SHA256
88e9c10fc899458ecc1bec05b4c7f0cbbd2ccf130135555fa19a5ab949a340a6
-
SHA512
065c225b48a399a7d0a4f24956b57bb801e61368181a8d7e84a8796b44b57b36e9aaa0d29609a0b3c87d9f28bff6edc4f86b26e7967149d36f46f983035f5b3e
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-