General
-
Target
55899fecd54be0645f470734aa8b7a280a82cdd1.doc
-
Size
33KB
-
Sample
211201-p343pacbcp
-
MD5
864702abb4f17ba0e9fcd2601453e899
-
SHA1
55899fecd54be0645f470734aa8b7a280a82cdd1
-
SHA256
152fb47b5b828fd1a76f8d5956e91cecab10b21d16cad4a6864f427d373d031d
-
SHA512
eff513399f913c3f0a3917ab4ea3ed4519c56ec2f858f13ee24296ba4bd99910a18751b3ace1c65abd45a12d5d1acf67495b16e2b105f1b96f750d5499ee3f5e
Malware Config
Extracted
icedid
1892568649
normyils.com
Targets
-
-
Target
55899fecd54be0645f470734aa8b7a280a82cdd1.doc
-
Size
33KB
-
MD5
864702abb4f17ba0e9fcd2601453e899
-
SHA1
55899fecd54be0645f470734aa8b7a280a82cdd1
-
SHA256
152fb47b5b828fd1a76f8d5956e91cecab10b21d16cad4a6864f427d373d031d
-
SHA512
eff513399f913c3f0a3917ab4ea3ed4519c56ec2f858f13ee24296ba4bd99910a18751b3ace1c65abd45a12d5d1acf67495b16e2b105f1b96f750d5499ee3f5e
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-