General
-
Target
pistelli-document-11.30.22.docm
-
Size
764KB
-
Sample
221130-xbsjksed36
-
MD5
d8f73889924e436c16ea00a10e5fe5f6
-
SHA1
92352b380c93b094050b5d7aa6fd3ae31cfe77d5
-
SHA256
f8105364026b46bb48f08d45ff5ebeb72f93da16a55c9ee85f62a3f45a6100cb
-
SHA512
ed042a96dd221802066e6ccf8491e653956317b372386fb52cdc20a9541430583aa83d655d2753c8bf9786c1436b58f0a524b067cbe9f5b4b215290155652982
-
SSDEEP
12288:/9aqkVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEngNp3PRNKGh/Kb:/5kV2jUeQRI5wPN/agNp3PRNKI/Kb
Malware Config
Extracted
icedid
1313163077
oilcardirtoz.com
Targets
-
-
Target
pistelli-document-11.30.22.docm
-
Size
764KB
-
MD5
d8f73889924e436c16ea00a10e5fe5f6
-
SHA1
92352b380c93b094050b5d7aa6fd3ae31cfe77d5
-
SHA256
f8105364026b46bb48f08d45ff5ebeb72f93da16a55c9ee85f62a3f45a6100cb
-
SHA512
ed042a96dd221802066e6ccf8491e653956317b372386fb52cdc20a9541430583aa83d655d2753c8bf9786c1436b58f0a524b067cbe9f5b4b215290155652982
-
SSDEEP
12288:/9aqkVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEngNp3PRNKGh/Kb:/5kV2jUeQRI5wPN/agNp3PRNKI/Kb
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-