General
-
Target
vict.exe
-
Size
1.5MB
-
Sample
210404-g51cgwxld6
-
MD5
1fe5a78b062c229be63d1d69770fb04f
-
SHA1
220b0f77946840c832f6913ae05a1bbe26c95e54
-
SHA256
fc79c071ab08ab2fe68ac0361e340d8e3fc047d823392e4d3df25823d22acf78
-
SHA512
23aedb7bdc329469f0e577eb44a0a0d8da59c6d5bc6c5f77a51378640ebe2772217e61f81ab060473e7a03e97554fdd9392254860c2b61d212cb2e99aa1eee1e
Malware Config
Extracted
icedid
2412332838
gaaga923.website
Targets
-
-
Target
vict.exe
-
Size
1.5MB
-
MD5
1fe5a78b062c229be63d1d69770fb04f
-
SHA1
220b0f77946840c832f6913ae05a1bbe26c95e54
-
SHA256
fc79c071ab08ab2fe68ac0361e340d8e3fc047d823392e4d3df25823d22acf78
-
SHA512
23aedb7bdc329469f0e577eb44a0a0d8da59c6d5bc6c5f77a51378640ebe2772217e61f81ab060473e7a03e97554fdd9392254860c2b61d212cb2e99aa1eee1e
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
IcedID First Stage Loader
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-