General
-
Target
musonic-document-09.26.2022.doc
-
Size
865KB
-
Sample
220926-ww2gjsbfd5
-
MD5
b055b549a81ce1c75ddd7351354ffa0e
-
SHA1
5f26efbe932c7abf2e5e475fe52ab6f1ec64437e
-
SHA256
7778ec0e63f82e94f18b343c2ebe1950b6057a1dc3067c1aeedc0ed6cbe69355
-
SHA512
f81a29a9a18a0c8dbdb388b53bd0768591f27843f83038454c8af80747b9ba60d3df700b34f0536698377c6e804db5afcd0cea63d0bd3b73469b97a01fd4567e
-
SSDEEP
12288:wZCVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEevh9d/+C6z5Yb1nsmbvDq:wZCV2jUeQRI5wPN/H8X5SsmYi2
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
musonic-document-09.26.2022.doc
-
Size
865KB
-
MD5
b055b549a81ce1c75ddd7351354ffa0e
-
SHA1
5f26efbe932c7abf2e5e475fe52ab6f1ec64437e
-
SHA256
7778ec0e63f82e94f18b343c2ebe1950b6057a1dc3067c1aeedc0ed6cbe69355
-
SHA512
f81a29a9a18a0c8dbdb388b53bd0768591f27843f83038454c8af80747b9ba60d3df700b34f0536698377c6e804db5afcd0cea63d0bd3b73469b97a01fd4567e
-
SSDEEP
12288:wZCVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEevh9d/+C6z5Yb1nsmbvDq:wZCV2jUeQRI5wPN/H8X5SsmYi2
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-