General
-
Target
mobiletel-invoice-09.26.doc
-
Size
866KB
-
Sample
220926-wmg2jscgak
-
MD5
a7c938d257bc19280ce73dee25241d32
-
SHA1
73d6ceb83fd022c99c0b2ea85ebda01467c77f7d
-
SHA256
87684f6b5141c781f2f9bba8b6317a7138c609c00c240c09d21872eea06a06b1
-
SHA512
f9eb130248ade81fc3e06c1725c99942e69b2743cb5ec688adb2ba0aab2948c6e53a0c99a4689f1ee9b5fd8398cdfcb65b67a9f8839721627ef6f582a1f1a20f
-
SSDEEP
12288:aHVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEEpRcTqz5P6d8oho:AV2jUeQRI5wPN/PRcT25P6lW
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
mobiletel-invoice-09.26.doc
-
Size
866KB
-
MD5
a7c938d257bc19280ce73dee25241d32
-
SHA1
73d6ceb83fd022c99c0b2ea85ebda01467c77f7d
-
SHA256
87684f6b5141c781f2f9bba8b6317a7138c609c00c240c09d21872eea06a06b1
-
SHA512
f9eb130248ade81fc3e06c1725c99942e69b2743cb5ec688adb2ba0aab2948c6e53a0c99a4689f1ee9b5fd8398cdfcb65b67a9f8839721627ef6f582a1f1a20f
-
SSDEEP
12288:aHVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEEpRcTqz5P6d8oho:AV2jUeQRI5wPN/PRcT25P6lW
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-