General
-
Target
northkeyconstructiondocument12.23.2022.docm
-
Size
1.3MB
-
Sample
221224-wlx2dade7y
-
MD5
56dfd0392114e4fe63897ea7c2504e05
-
SHA1
ae147c5634808acc258f7e94156ecdca3a628267
-
SHA256
c6a9f4fb2f8bdd9bffb55280ee53eddb077ed97707151edd64aac9490bc210dc
-
SHA512
569d8092ed752de8e38b1eaf7ac8cc84c32b77b00f1ae278aff9858082ba0da241f387b78c4bb7f626b2d9ad9569ef59ab7b922e2bc033cda549b6dc816ad2f2
-
SSDEEP
24576://npJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDaG7EzqHm+Bmcg://pJmgf3zliFppZKqG+A
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
-
-
Target
northkeyconstructiondocument12.23.2022.docm
-
Size
1.3MB
-
MD5
56dfd0392114e4fe63897ea7c2504e05
-
SHA1
ae147c5634808acc258f7e94156ecdca3a628267
-
SHA256
c6a9f4fb2f8bdd9bffb55280ee53eddb077ed97707151edd64aac9490bc210dc
-
SHA512
569d8092ed752de8e38b1eaf7ac8cc84c32b77b00f1ae278aff9858082ba0da241f387b78c4bb7f626b2d9ad9569ef59ab7b922e2bc033cda549b6dc816ad2f2
-
SSDEEP
24576://npJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDaG7EzqHm+Bmcg://pJmgf3zliFppZKqG+A
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-