General
-
Target
nckcninvoice09.26.22.doc
-
Size
866KB
-
Sample
220926-v9jm8abec9
-
MD5
99f42f4ad6f0d67f57513577ba998bc2
-
SHA1
de7532f0a44d4ab0f950ec2b96ff80e08e5de46c
-
SHA256
b3ed2de0e147060a7d2cd7def624976d606e7937e7b2e22e805a9961430d4fb6
-
SHA512
d5e2ef8bc3f9bcb6f9ef6132820d81d5e560fed0704bd24085af4200ffad415d39c83278faba61b7220cf2eb5d0d3760b573e7c26393e91bfa4d0d954bc0108f
-
SSDEEP
12288:CVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEeJYALU9gnDueS/:CV2jUeQRI5wPN/bJZLZnq9
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
nckcninvoice09.26.22.doc
-
Size
866KB
-
MD5
99f42f4ad6f0d67f57513577ba998bc2
-
SHA1
de7532f0a44d4ab0f950ec2b96ff80e08e5de46c
-
SHA256
b3ed2de0e147060a7d2cd7def624976d606e7937e7b2e22e805a9961430d4fb6
-
SHA512
d5e2ef8bc3f9bcb6f9ef6132820d81d5e560fed0704bd24085af4200ffad415d39c83278faba61b7220cf2eb5d0d3760b573e7c26393e91bfa4d0d954bc0108f
-
SSDEEP
12288:CVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEeJYALU9gnDueS/:CV2jUeQRI5wPN/bJZLZnq9
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-