General
-
Target
morandostores file 09.26.doc
-
Size
866KB
-
Sample
220926-wkqwnsbeh9
-
MD5
27a45e1df35258afd013d765d0786a32
-
SHA1
91394622f15cab0e27aa589039fbee5d57c5281d
-
SHA256
a36f793145c7a775fca887e5ada691ec71137678da479a476bfe70fc1e30e57f
-
SHA512
6546f2fa7592784931d64a93a2c9e18772ffadcfaa5991484533bf7dcc0069eaa8964efde77dc114621db76429f87fbc525f567f4df5b5d3153cf52586488f27
-
SSDEEP
12288:FVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEwpcxJWVprVMmM:FV2jUeQRI5wPN/Jcx45MmM
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
morandostores file 09.26.doc
-
Size
866KB
-
MD5
27a45e1df35258afd013d765d0786a32
-
SHA1
91394622f15cab0e27aa589039fbee5d57c5281d
-
SHA256
a36f793145c7a775fca887e5ada691ec71137678da479a476bfe70fc1e30e57f
-
SHA512
6546f2fa7592784931d64a93a2c9e18772ffadcfaa5991484533bf7dcc0069eaa8964efde77dc114621db76429f87fbc525f567f4df5b5d3153cf52586488f27
-
SSDEEP
12288:FVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEwpcxJWVprVMmM:FV2jUeQRI5wPN/Jcx45MmM
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-