General
-
Target
lcpartnersforyouth.file.09.26.22.doc
-
Size
867KB
-
Sample
220926-v3pwnabeb2
-
MD5
7729d35e6eb8247a2196425c04168292
-
SHA1
2cfd8924523464bb81d82befd0c5fff07419cea5
-
SHA256
b7d4e61a508f579f9758fbb34a24822f1a7882cda5437626b7fea130b8a4abf6
-
SHA512
2958e56e585f1a2edeb9802774412d5560b2a67fc8ac6969301605f45abaffdf2cb6a9c0bdc0177624590061e140951764e9c78fc60b16d31879290fd8d441b2
-
SSDEEP
12288:MInVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsRYmu5GY6lDl+lmqrunPh:tnV2jUeQRI5wPN/9ymu5BluJ
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
lcpartnersforyouth.file.09.26.22.doc
-
Size
867KB
-
MD5
7729d35e6eb8247a2196425c04168292
-
SHA1
2cfd8924523464bb81d82befd0c5fff07419cea5
-
SHA256
b7d4e61a508f579f9758fbb34a24822f1a7882cda5437626b7fea130b8a4abf6
-
SHA512
2958e56e585f1a2edeb9802774412d5560b2a67fc8ac6969301605f45abaffdf2cb6a9c0bdc0177624590061e140951764e9c78fc60b16d31879290fd8d441b2
-
SSDEEP
12288:MInVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsRYmu5GY6lDl+lmqrunPh:tnV2jUeQRI5wPN/9ymu5BluJ
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-