General
-
Target
myfairpoint-invoice-09.26.2022.doc
-
Size
866KB
-
Sample
220926-vp9nxacehl
-
MD5
20eff5d8573be396b66c486dcbf57ce5
-
SHA1
f206b2abfc128d8776c95829898eedf81b308c83
-
SHA256
29764707bbe878fb00cd85bac9323de74328e33f48d34fbf2073c8ef4aded411
-
SHA512
eaf3327c1c166fad2813bcbbcd1a22f0feb37fb6ae0c30f4063612c8fb3b896a25d9af8a8dcb6a0d5a92d3d461c0974de373ecb335a0c0cfe056089d2655782f
-
SSDEEP
12288:eKVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEOLpcVU9gjDuMo/:eKV2jUeQRI5wPN/ZcVZjqz/
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
myfairpoint-invoice-09.26.2022.doc
-
Size
866KB
-
MD5
20eff5d8573be396b66c486dcbf57ce5
-
SHA1
f206b2abfc128d8776c95829898eedf81b308c83
-
SHA256
29764707bbe878fb00cd85bac9323de74328e33f48d34fbf2073c8ef4aded411
-
SHA512
eaf3327c1c166fad2813bcbbcd1a22f0feb37fb6ae0c30f4063612c8fb3b896a25d9af8a8dcb6a0d5a92d3d461c0974de373ecb335a0c0cfe056089d2655782f
-
SSDEEP
12288:eKVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEOLpcVU9gjDuMo/:eKV2jUeQRI5wPN/ZcVZjqz/
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-