General
-
Target
ismanews.doc.09.26.doc
-
Size
866KB
-
Sample
220926-v8ac6abec5
-
MD5
366304ec7a8ead86c52e0f5328269a2a
-
SHA1
bedbf8b099dab8c9e4dfb839a40a4aae0158eb60
-
SHA256
5b067b3377033144b982410f226ce45007b3615446b3b72c5dc1468bb6864447
-
SHA512
752fe3f7b04c2f80b5a6622c51fa2f6ae564980a184bf55fe6e0e391be632fe291132de4dc6e4f63adf4795b1b820008077d1d499f570e0d9dce2a9628aff4d1
-
SSDEEP
12288:z4hVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEx0y8x7trjxzFZjFgGC:shV2jUeQRI5wPN/ntrdZH9C
Behavioral task
behavioral1
Sample
ismanews.doc.09.26.docm
Resource
win7-20220901-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
ismanews.doc.09.26.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-