General
-
Target
nicewines.invoice.09.26.22.doc
-
Size
866KB
-
Sample
220926-ws6l4acgbr
-
MD5
2262368ac0d2d1084577522f4c27e090
-
SHA1
b4dc2c60e1b3e717293d90e66f4f3497e825cc47
-
SHA256
de2d8a887e2d5950f27287c587e0895a52774aad7e61f472be74ddfe44ea5d71
-
SHA512
3ec9e34c50c775b2f55e0c46ab627da12eba3c6f4203bdb731433098b92c2992a03b867e388ab75e7a3d90db7d32fe21acbc2470b26e75c565d32bb0ca43ec9d
-
SSDEEP
12288:GGVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEeE4gb9oLU9gi6dEoK:/V2jUeQRI5wPN/qZb9oLZi6xK
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
nicewines.invoice.09.26.22.doc
-
Size
866KB
-
MD5
2262368ac0d2d1084577522f4c27e090
-
SHA1
b4dc2c60e1b3e717293d90e66f4f3497e825cc47
-
SHA256
de2d8a887e2d5950f27287c587e0895a52774aad7e61f472be74ddfe44ea5d71
-
SHA512
3ec9e34c50c775b2f55e0c46ab627da12eba3c6f4203bdb731433098b92c2992a03b867e388ab75e7a3d90db7d32fe21acbc2470b26e75c565d32bb0ca43ec9d
-
SSDEEP
12288:GGVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEeE4gb9oLU9gi6dEoK:/V2jUeQRI5wPN/qZb9oLZi6xK
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-