General
-
Target
joenjuki.invoice.09.26.22.doc
-
Size
865KB
-
Sample
220926-v3regscfbn
-
MD5
c566eb3efcd3d457edf2de69593b8d74
-
SHA1
f456aa0d5ed790d44e7ba9a64e7a0b41b913def6
-
SHA256
cb36ff420bbc18158dbfdf3e9068ab775043db2bc61a637ad592a4762ee71b15
-
SHA512
4a191d6ebf0fe0a2de5099e243d7c7085e9688831fb232f67d74d2d6b722de9481926e2f221275ce12773eabd91b873e0d23b04926ad7952d6e79553362a384f
-
SSDEEP
12288:KteBVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DERF2hhgS0JGt:KteBV2jUeQRI5wPN/Q+hP08t
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
joenjuki.invoice.09.26.22.doc
-
Size
865KB
-
MD5
c566eb3efcd3d457edf2de69593b8d74
-
SHA1
f456aa0d5ed790d44e7ba9a64e7a0b41b913def6
-
SHA256
cb36ff420bbc18158dbfdf3e9068ab775043db2bc61a637ad592a4762ee71b15
-
SHA512
4a191d6ebf0fe0a2de5099e243d7c7085e9688831fb232f67d74d2d6b722de9481926e2f221275ce12773eabd91b873e0d23b04926ad7952d6e79553362a384f
-
SSDEEP
12288:KteBVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DERF2hhgS0JGt:KteBV2jUeQRI5wPN/Q+hP08t
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-