General
- Target: IEUDLK.CJF
- Size: 3.4MB
- Sample: 210303-46xnk2ene2
- MD5: 1a3d0fddf65f7cca188499edb6355192
- SHA1: 1717402591b663767b37b3ce0635d991ace08432
- SHA256: da0921c1e416b3734272dfa619f88c8cd32e9816cdcbeeb81d9e2b2e8a95af4c
- SHA512: 5a46ca0a9079a1ac6c205805a65df737d81fc438b1f6d172aec55f68c1964895d2ad1e41e1d2b309b5ddc7d7cce3d21df932293c25be2aa0fb8ff45b5d26b534
Static task: static1
Behavioral task: behavioral1
- Sample: IEUDLK.CJF.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: IEUDLK.CJF.dll
- Resource: win10v20201028
Malware Config
Extracted
icedid
1820688957
3059128432
timerework.fun
pexxota.space
- auth_var: 6
- url_path: /news/
Targets
- Target: IEUDLK.CJF
- Size: 3.4MB
- MD5: 1a3d0fddf65f7cca188499edb6355192
- SHA1: 1717402591b663767b37b3ce0635d991ace08432
- SHA256: da0921c1e416b3734272dfa619f88c8cd32e9816cdcbeeb81d9e2b2e8a95af4c
- SHA512: 5a46ca0a9079a1ac6c205805a65df737d81fc438b1f6d172aec55f68c1964895d2ad1e41e1d2b309b5ddc7d7cce3d21df932293c25be2aa0fb8ff45b5d26b534
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger