General
Target: request.zip
Size: 37KB
Sample: 211202-qr76mshael
MD5: 1b3e84b4a8b4bc2fe4dd9bb3d3f4dd03
SHA1: afdbbc88da04e3f783201a457f7c89340ff75393
SHA256: 2d28f47d10cd8f2d4dd9a4aaeaa1c568278438467ca6a6633c92bd635c8852e8
SHA512: c71eba5a86986b61e55fb13134f760977a46b6c0124a06ebe825e3c875bddb713a21a89a782e6f7d216216ecb410128d9b69605649ef960e4dadf75d0e47f79e
Static task: static1
Behavioral task: behavioral1
  Sample: charge-12.21.doc
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: charge-12.21.doc
  Resource: win10-en-20211104
Malware Config
Extracted family: icedid
1892568649
normyils.com
Targets
Target: charge-12.21.doc
Size: 33KB
MD5: 74a0006068bb29d6713ce528103687bc
SHA1: 156010577234a86d730de63ac661c975caa088c6
SHA256: eae84642b156436fffe52122b3184971df09e9fb369aff2afcad3ad59a8c623f
SHA512: 852449009a2ad40075e507882fa0a0389441fc57342212388bf862318a264ea6bc2a61b3545173345b4b8c37a7a795f9f72680436996ea76359d30a27d34815f
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL