General
-
Target
inreach.document.09.26.22.doc
-
Size
865KB
-
Sample
220928-t64zbagef9
-
MD5
da51e7500445a246782a0303053d9188
-
SHA1
1cb9183ccafc5b70dd6e5d83cdc55bb8914619c4
-
SHA256
d3c9ad050848a150a7fe4e03e0c5da39f1ba8337ea0abf22fdc0302ac963db0b
-
SHA512
ad7fee602265416fc40080acfee80463fbb54916333f1856543bc2aab2154dba6134e071815042401b8f4da6a4324e9a4b9c73fbcf1dc4a6cdedc40bb24eb2c0
-
SSDEEP
12288:IVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEmA/aG9IaRg3sJAibu6A:IV2jUeQRI5wPN/KIRy/G
Behavioral task
behavioral1
Sample
inreach.document.09.26.22.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
inreach.document.09.26.22.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-