General
-
Target
legal agreement 12.21.doc
-
Size
33KB
-
Sample
211201-1q82nabdd4
-
MD5
97037060e74606a0a36e5fda75841896
-
SHA1
ac171a67077f26946b694ba43969c6b23e83665d
-
SHA256
fa85f7aa41e85611e0f0239f96643f48bdafeb620a40ab2bac9efa191fc5b810
-
SHA512
924d052a2cbd0a9b7324645691f7a8f431131c7f701f8cefe81aa4ce82e96bd778438b3b601504ce8148d8a6a39dcebfe45249c439e22d5f3eb7788a81b90678
Malware Config
Extracted
icedid
1892568649
normyils.com
Targets
-
-
Target
legal agreement 12.21.doc
-
Size
33KB
-
MD5
97037060e74606a0a36e5fda75841896
-
SHA1
ac171a67077f26946b694ba43969c6b23e83665d
-
SHA256
fa85f7aa41e85611e0f0239f96643f48bdafeb620a40ab2bac9efa191fc5b810
-
SHA512
924d052a2cbd0a9b7324645691f7a8f431131c7f701f8cefe81aa4ce82e96bd778438b3b601504ce8148d8a6a39dcebfe45249c439e22d5f3eb7788a81b90678
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-