General
-
Target
nearshoresurveysdoc09.26.doc
-
Size
866KB
-
Sample
220926-ws6l4acgbm
-
MD5
dfa4f8109eb641da0946ddf08bc955ee
-
SHA1
25ed8077a9417943248ee7b142530ea63b445f4f
-
SHA256
f7da1b974bbb5d89b09ec477b235e50b0f3035211a969c9b09f6fcf7df9ef675
-
SHA512
ef111e6237341da08296e75dd439c32003f61627713e91e77ede54d4f54e2e541b9f07fec1358b939e67c8c3f35c7db21908ae60e1e5a114bcf94e8e715c2b7c
-
SSDEEP
12288:NVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE74gb9oFp/G7obA/PXSYqLAA:NV2jUeQRI5wPN/4Zb9obGsOPXSYqNh
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
nearshoresurveysdoc09.26.doc
-
Size
866KB
-
MD5
dfa4f8109eb641da0946ddf08bc955ee
-
SHA1
25ed8077a9417943248ee7b142530ea63b445f4f
-
SHA256
f7da1b974bbb5d89b09ec477b235e50b0f3035211a969c9b09f6fcf7df9ef675
-
SHA512
ef111e6237341da08296e75dd439c32003f61627713e91e77ede54d4f54e2e541b9f07fec1358b939e67c8c3f35c7db21908ae60e1e5a114bcf94e8e715c2b7c
-
SSDEEP
12288:NVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE74gb9oFp/G7obA/PXSYqLAA:NV2jUeQRI5wPN/4Zb9obGsOPXSYqNh
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-