General
-
Target
Fri0541e16ce794d258f.exe
-
Size
284KB
-
Sample
211022-rz4c4abgc2
-
MD5
dec69c757ce1ae8454f97ef6966aa817
-
SHA1
160d556701a012ab18194aeecaa396e21727c9b2
-
SHA256
2b396ae1fa95ef655bb7b0eb45532a857d882bb601adeb8fb1b5d43dcff9ec31
-
SHA512
c6304aa1a5b762804c81461fb1db1bae9ba57120c279dfb1ad83c3bb2e3309563f15c90a1a04a9f3acb5aac3a527432a87d1bb7ba32846dc75bda961b162db16
Malware Config
Extracted
smokeloader
2020
http://directorycart.com/upload/
http://tierzahnarzt.at/upload/
http://streetofcards.com/upload/
http://ycdfzd.com/upload/
http://successcoachceo.com/upload/
http://uhvu.cn/upload/
http://japanarticle.com/upload/
Extracted
icedid
1875681804
enticationmetho.ink
Targets
-
-
Target
Fri0541e16ce794d258f.exe
-
Size
284KB
-
MD5
dec69c757ce1ae8454f97ef6966aa817
-
SHA1
160d556701a012ab18194aeecaa396e21727c9b2
-
SHA256
2b396ae1fa95ef655bb7b0eb45532a857d882bb601adeb8fb1b5d43dcff9ec31
-
SHA512
c6304aa1a5b762804c81461fb1db1bae9ba57120c279dfb1ad83c3bb2e3309563f15c90a1a04a9f3acb5aac3a527432a87d1bb7ba32846dc75bda961b162db16
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Registers COM server for autorun
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-