General
-
Target
B4Rq69Bp_AvEq18.zip
-
Size
252KB
-
Sample
211118-zbk6lsaeg6
-
MD5
b85d922bd01486b4f897efd52db702b4
-
SHA1
58b0fe53691985f43aa2198c9284907bfec1cfe0
-
SHA256
cf28960e0fc4f4d0a1ce7fd38af55f785ec0618c82a688c4a962ebb41bee165f
-
SHA512
25e3acdee4b3159006dca1d0c27b973d308744eaf0938e39cb15f38226442ec370fb92e48a283dae0ebcee38db7d3bfab807bef8a382f71412229a8f21547135
Malware Config
Extracted
https://yfo.yag.mybluehost.me/wp-content/uploads/2020/08/file1.cms
Extracted
icedid
4258209311
sauceson.ink
Targets
-
-
Target
faq[2021.11.17_21-03].xlsb
-
Size
283KB
-
MD5
fc864c8b8197949424384a51492f2356
-
SHA1
95816c7d4a1d0212fab6941eca12189b32c4ca19
-
SHA256
0515221ef8471456dc6ca6392826c4fd965910d6cefc1cc5b30cca99291e6296
-
SHA512
75dcc5535f5630fa256518592661f81d535351e5fee24d5b7b6331f0c33e8458f655c76251bd82349ba71d4cf733c1109dc89b35927c2a8a49be35ce696b231f
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-