General
-
Target
lunawebs doc 09.26.2022.doc
-
Size
867KB
-
Sample
220926-wfrx6scffm
-
MD5
fb04ab5da032babddd908e18bff60391
-
SHA1
8d1a1d32c6b49c41ae8ede82ad728ca471f2b1fd
-
SHA256
ec11467a9beb27b6329e84a19e90f4563d9720ed8ec1f3c1ae013783061062fa
-
SHA512
86277b4c345f6d8475c5223ced232588ab045a09059c41267e5238e63a5a8eb3fcd7913562fd7f674c8029e458136f61adcc8c41b394bc64b317d4c6f6449a62
-
SSDEEP
12288:ApVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEWIesySlS3P9:KV2jUeQRI5wPN/Bx
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
lunawebs doc 09.26.2022.doc
-
Size
867KB
-
MD5
fb04ab5da032babddd908e18bff60391
-
SHA1
8d1a1d32c6b49c41ae8ede82ad728ca471f2b1fd
-
SHA256
ec11467a9beb27b6329e84a19e90f4563d9720ed8ec1f3c1ae013783061062fa
-
SHA512
86277b4c345f6d8475c5223ced232588ab045a09059c41267e5238e63a5a8eb3fcd7913562fd7f674c8029e458136f61adcc8c41b394bc64b317d4c6f6449a62
-
SSDEEP
12288:ApVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEWIesySlS3P9:KV2jUeQRI5wPN/Bx
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-