General
-
Target
Info.zip
-
Size
112KB
-
Sample
201130-j2vzpx1vba
-
MD5
f1a9f8329b95919fc112f7bf687998df
-
SHA1
241cec47189231710da604ab1eae8ab5641a9e0e
-
SHA256
dab546066e1a2c7ac28840bcd11ceebabe22c04261cac2322226f31810ccb7b4
-
SHA512
c4418ecc1c6cf40e174ce65efbaf92ffbd4e8768a9bc5003ed6cbf98101c530b6136d3e3e15f7c3738f796f45231a84020259d5cadbaeb46f1b6aff6de30c51b
Malware Config
Targets
-
-
Target
input 11.20.doc
-
Size
107KB
-
MD5
db1fedab1db9d6114559872167abc6bd
-
SHA1
f7a91a37b1673d1cbffef8d13b50f7c2ce8d7d00
-
SHA256
88e9c10fc899458ecc1bec05b4c7f0cbbd2ccf130135555fa19a5ab949a340a6
-
SHA512
065c225b48a399a7d0a4f24956b57bb801e61368181a8d7e84a8796b44b57b36e9aaa0d29609a0b3c87d9f28bff6edc4f86b26e7967149d36f46f983035f5b3e
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-