General
-
Target
ew32342.xlsb
-
Size
137KB
-
Sample
210710-saja9rfz6x
-
MD5
04ea039c6473048c62a73314065115e5
-
SHA1
36d58679a209af25f56d73f27b98c0ee1ea453e4
-
SHA256
2c4de0613a4381fd1c7e59fdac5e71a30326252babebe7d366edb12df8f6433b
-
SHA512
3d997766bd68fb5dc8987d1aa294ca1eb703ed554a6b801043bac9dd34afec96a416069979d0b4b8472405c3ad07ee482a76f6d3797bf8f692d59357c8c76133
Malware Config
Extracted
https://docusignsecpro.com/data/int64/sup/crv.dll
Extracted
icedid
380132461
revedanstvy.bid
Targets
-
-
Target
ew32342.xlsb
-
Size
137KB
-
MD5
04ea039c6473048c62a73314065115e5
-
SHA1
36d58679a209af25f56d73f27b98c0ee1ea453e4
-
SHA256
2c4de0613a4381fd1c7e59fdac5e71a30326252babebe7d366edb12df8f6433b
-
SHA512
3d997766bd68fb5dc8987d1aa294ca1eb703ed554a6b801043bac9dd34afec96a416069979d0b4b8472405c3ad07ee482a76f6d3797bf8f692d59357c8c76133
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
Deletes itself
-
Loads dropped DLL
-