General
-
Target
nckcn-document-09.26.22.doc
-
Size
866KB
-
Sample
220926-ws6l4abfd2
-
MD5
2ad6fc021be76e7af000d28aa8a03450
-
SHA1
435395c801e712500931a735b50b65fba8594117
-
SHA256
f3f1ad731286fada69df12ede0a3e1b419d0df4ba18b17f49ac134b4664d34ce
-
SHA512
13b13fda22849f4c9da127d708d61e9b39d9bfbf6821725877b927d36bfa862fbaf5901295ee16f23604a49e7b760203fe84328e55f545bbf7701db2c9576c24
-
SSDEEP
12288:MgyMkKmlVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEJ9d/+CFz5+b1nsmv:MgrkhlV2jUeQRI5wPN//Y5Ysmv
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
nckcn-document-09.26.22.doc
-
Size
866KB
-
MD5
2ad6fc021be76e7af000d28aa8a03450
-
SHA1
435395c801e712500931a735b50b65fba8594117
-
SHA256
f3f1ad731286fada69df12ede0a3e1b419d0df4ba18b17f49ac134b4664d34ce
-
SHA512
13b13fda22849f4c9da127d708d61e9b39d9bfbf6821725877b927d36bfa862fbaf5901295ee16f23604a49e7b760203fe84328e55f545bbf7701db2c9576c24
-
SSDEEP
12288:MgyMkKmlVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEJ9d/+CFz5+b1nsmv:MgrkhlV2jUeQRI5wPN//Y5Ysmv
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-