General
-
Target
johnsmalley-doc-09.26.22.doc
-
Size
865KB
-
Sample
220926-wj81vsbeh6
-
MD5
c1256dc480f5399094a9e6cd29b48c4c
-
SHA1
d92fcbd24745b33b8cf6ddc08e8e8cabc1a84fb9
-
SHA256
0000cee3e4fb7de0585d4184b49f1ed6cb81b01aff38c042d1f9ac9777520bdb
-
SHA512
1f3d57ab5abca813b98d97a63bb5586d4d3927231ca497c070200bf6b0becb26d5ad58534cd53278e8f978c3acd2b6d20f1ff1e49d5a1bba1f62320c87a33134
-
SSDEEP
12288:ebVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsaG9PhhW+/wPKNS:ebV2jUeQRI5wPN/jphh/wyQ
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
johnsmalley-doc-09.26.22.doc
-
Size
865KB
-
MD5
c1256dc480f5399094a9e6cd29b48c4c
-
SHA1
d92fcbd24745b33b8cf6ddc08e8e8cabc1a84fb9
-
SHA256
0000cee3e4fb7de0585d4184b49f1ed6cb81b01aff38c042d1f9ac9777520bdb
-
SHA512
1f3d57ab5abca813b98d97a63bb5586d4d3927231ca497c070200bf6b0becb26d5ad58534cd53278e8f978c3acd2b6d20f1ff1e49d5a1bba1f62320c87a33134
-
SSDEEP
12288:ebVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEsaG9PhhW+/wPKNS:ebV2jUeQRI5wPN/jphh/wyQ
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-