General
-
Target
mobiletel,invoice,09.26.2022.doc
-
Size
866KB
-
Sample
220926-wfrx6sbeg3
-
MD5
6f651aca2bc78559404475aeb81f4bd0
-
SHA1
8f0393c2f4521d256f8ba8e9fc855776cccf91a4
-
SHA256
8279ce959f0a6218a93336f9ce5e9cbee68e62faf40027e33acd968237acdf71
-
SHA512
ff03bddbef3768640d89e47e22d96f839e13cda08b96898c5464ed97f8d55833cd109057b78a7b9bbdee5ff02edb4e106ea43d744633ef34d48a3107b431fc66
-
SSDEEP
12288:MVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEL6HNxlU9g+6dQhF0:MV2jUeQRI5wPN/1HpZ+6uF0
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
mobiletel,invoice,09.26.2022.doc
-
Size
866KB
-
MD5
6f651aca2bc78559404475aeb81f4bd0
-
SHA1
8f0393c2f4521d256f8ba8e9fc855776cccf91a4
-
SHA256
8279ce959f0a6218a93336f9ce5e9cbee68e62faf40027e33acd968237acdf71
-
SHA512
ff03bddbef3768640d89e47e22d96f839e13cda08b96898c5464ed97f8d55833cd109057b78a7b9bbdee5ff02edb4e106ea43d744633ef34d48a3107b431fc66
-
SSDEEP
12288:MVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEL6HNxlU9g+6dQhF0:MV2jUeQRI5wPN/1HpZ+6uF0
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-