General
-
Target
kingwoodcable-invoice-09.26.doc
-
Size
867KB
-
Sample
220926-wfrx6scfgk
-
MD5
b77224a6c9eb4987077d0f7ec33af582
-
SHA1
311d8d1dfc90096ccd26db3922fe03fa3c0ced85
-
SHA256
d47334b943e152eef809da3d651880e1821749ad9ba2b2e08c9fd5a2db4a8e1c
-
SHA512
436abc2e96e07436acfa19753307e9bafc825b03d41a0399792af5c7d3832d75b317f1d103577e1edecbb31310bf065d5c169dfd72403dfe26c156c1940c4338
-
SSDEEP
12288:nGOVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEOesyErljCREMJyc5RU:nVV2jUeQRI5wPN/8krleREMJ0
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
kingwoodcable-invoice-09.26.doc
-
Size
867KB
-
MD5
b77224a6c9eb4987077d0f7ec33af582
-
SHA1
311d8d1dfc90096ccd26db3922fe03fa3c0ced85
-
SHA256
d47334b943e152eef809da3d651880e1821749ad9ba2b2e08c9fd5a2db4a8e1c
-
SHA512
436abc2e96e07436acfa19753307e9bafc825b03d41a0399792af5c7d3832d75b317f1d103577e1edecbb31310bf065d5c169dfd72403dfe26c156c1940c4338
-
SSDEEP
12288:nGOVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEOesyErljCREMJyc5RU:nVV2jUeQRI5wPN/8krleREMJ0
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-