General
-
Target
da3d50b5b2b517ac2af4bae580b37096.bin
-
Size
1.3MB
-
Sample
230117-jsh5ksce66
-
MD5
65bb26e8f5dd38a811ccdb808fb9985b
-
SHA1
c1d67eb62a1f762ca29f8e2d70d04ba013512649
-
SHA256
12de26aab58eee50b817d00687dcf5f5550bd60c0186719cdaded16db0561605
-
SHA512
bbd84ba81b8c8dfbe02b73fc07626e15d5857901bb6c19a78e3a8041cf84daca9990ac894114ccdce8c1dc8f67a64bcf29b996d9ec154152d1971c0ccb37aa10
-
SSDEEP
24576:7QyvQ8TY5p2ohLTr/2rOZperkOK8MDxP3YxrlR5XUvuIiy:0d8mD/Dpe293YJlEuI9
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
-
-
Target
a53e7243b0789a1b6dc0ccbabe64380ed6e1410d1e3f51ce6a9e383c0721bce8.docm
-
Size
1.3MB
-
MD5
da3d50b5b2b517ac2af4bae580b37096
-
SHA1
b19959934823793936ede475478f6e2bc7d66e1f
-
SHA256
a53e7243b0789a1b6dc0ccbabe64380ed6e1410d1e3f51ce6a9e383c0721bce8
-
SHA512
c70ca2a82e6df924dfdab8a70dda9df898408c4ee7a25e5ca83a48ccb6830456ca6f1dd656a05884421e8cc8c00c9f083a39b1efc4c6eca2c1225269d97ca026
-
SSDEEP
24576:/uDpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDEG7EzqHm+Bmch:/KpJmgf3zliFpp3KqG+B
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-