General
Target: mobiletel.document.09.26.22.doc
Size: 866KB
Sample: 220926-yr4gfsbhe5
MD5: 0c790ade0e13967f93beb4d2026f7cf2
SHA1: f45c50bf7431bda1d1687030910181bc6acc9252
SHA256: 1630d71da594875c9aa1fd50a955a8adfe02a3bb54d1aa610873cec89ca32911
SHA512: 28ee7a9237106d85e739f6ba929de1975ea32404a33562b6debd9e315c0d1770eb87150fb50f2fbb9490a40915f6aa33241db0f5f352148ec64d434fd3795352
SSDEEP: 12288:nmXVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEQHAgz5PprKMmD:4V2jUeQRI5wPN/uU5xuMmD
Behavioral task
behavioral1
Sample: mobiletel.document.09.26.22.docm
Resource: win7-20220901-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL