General
Target: asgardsrealm.invoice.09.28.doc
Size: 866KB
Sample: 220928-tfvb7agde9
MD5: a1d1744bb2396c4a25163e8f93f4494e
SHA1: 641146ee5bb50b6eb8687cf4d5d6cbc39e9f1d8a
SHA256: 297216dc24f4d311ab548ded700e850ed72aebcbff60e9a21574f9b651b33273
SHA512: 0ecaba65711c79113b78c505dd70b8b1416d2071404e15382f3c9c8d00f205b79d61c7565afba5075b0763e9bf7d14c5e2d1db274b937b7f0901fd097a906774
SSDEEP: 12288:QtVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEmYA+JWmDuiAMf7:QtV2jUeQRI5wPN/ZZ+zq6D
Behavioral task
behavioral1
Sample
asgardsrealm.invoice.09.28.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-