General
-
Target
kingwoodcabledoc09.26.doc
-
Size
866KB
-
Sample
220926-wfrx6scffq
-
MD5
28bd5a879ef98e0efdaea727543d1c63
-
SHA1
5416df1b966fc56e27563178f339cd57cd5c7f67
-
SHA256
05a054ddaff706205f477ff5cb318c64151efc3135bd01c9aa225e9c881b6c46
-
SHA512
f63be3965603701ec5378216ecfe8adbc4f9d3a90ced6cde6593db1169e15c0835cba5f4d3301a7ea84cef462da90f469bd2754829207f16dba78d0529f04756
-
SSDEEP
12288:6JVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEcrz5B9c6dq:6JV2jUeQRI5wPN//n5B9cx
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
kingwoodcabledoc09.26.doc
-
Size
866KB
-
MD5
28bd5a879ef98e0efdaea727543d1c63
-
SHA1
5416df1b966fc56e27563178f339cd57cd5c7f67
-
SHA256
05a054ddaff706205f477ff5cb318c64151efc3135bd01c9aa225e9c881b6c46
-
SHA512
f63be3965603701ec5378216ecfe8adbc4f9d3a90ced6cde6593db1169e15c0835cba5f4d3301a7ea84cef462da90f469bd2754829207f16dba78d0529f04756
-
SSDEEP
12288:6JVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEcrz5B9c6dq:6JV2jUeQRI5wPN//n5B9cx
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-