General
Target: document-140.iso
Size: 472KB
Sample: 220325-snh4fshdf6
MD5: e3d21b18a4f2ce858b0d5f4f609ae4e4
SHA1: 56e7fca77cb88ef781de1afa5334ad98bcff8af4
SHA256: c129a8bf28d476a7280535f0ce192769d8cb1fa519bab306ff506c08cbcf7436
SHA512: fc532aacd659425eaa5e0187278ed283b2f06f578d354509718dec04659577baecb30badfd737a1684deef7d0ce9caf008a3ad5c4f795629b0de74a103e7a914
Static task: static1
Behavioral tasks:
behavioral1: Sample Attachment.jpg, Resource win7-20220311-en
behavioral2: Sample Attachment.jpg, Resource win10v2004-20220310-en
behavioral3: Sample Attachment.png.lnk, Resource win7-20220311-en
behavioral4: Sample Attachment.png.lnk, Resource win10v2004-en-20220113
behavioral5: Sample FwlRpmIPXx.exe, Resource win7-20220311-en
behavioral6: Sample FwlRpmIPXx.exe, Resource win10v2004-en-20220113
behavioral7: Sample z.ps1, Resource win7-20220311-en
behavioral8: Sample z.ps1, Resource win10v2004-20220310-en
Malware Config
Extracted: icedid, campaign ID 3714063495, C2 ritionalvalueon.top
Extracted: icedid, campaign ID 0, no C2 listed (an empty or partially decoded config; the first entry is the usable one)
Targets

Target: Attachment.png
Size: 172KB
MD5: 9475b7adad618d206048c12e19cf04ce
SHA1: 5e6069a771ca0bdc894fe3fb6cbdcb3a31141c7a
SHA256: ab662ea48da7b3effc7d6d30b60364dd77dcde3592ce7649bd6d0d41d0da6fc8
SHA512: ac5795697220f9266f01849f70e008b3febca730ba77169bf9c39c30e12200539193c5a9b91e1f1f3e49fc016acb7a442654120979641fab1cc2eb9c3b1ba441
Score: 3/10

Target: Attachment.png.lnk
Size: 1KB
MD5: f69905d19f03b83058a219513a0a7e48
SHA1: d0b0b2f0f27e054a0ab0f5e59a149d3d3552703e
SHA256: 86ecbf142d41beffff01fdd56fb9c9786e2826cfe00593abeeb69162daf9d808
SHA512: c9c5aad4f5d5ca9d89b64a689977630a01b8075336e90edb6279c1064b735dc704e72b08daca807cdc968a8e57dc708d1d7e4c830c15aab73fdd62f486ef2b7f
Score: 10/10
Signatures:
IcedID First Stage Loader
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler that ships with the .NET Framework, is launched for execution rather than for a compile; a signed Microsoft binary in a normal path, so it will pass naive allow-lists.
Suspicious use of SetThreadContext: thread-context manipulation of the kind used by process hollowing and similar injection; together with the vbc.exe launch this is the pattern of the compiler being used as an injection host.

Target: FwlRpmIPXx.exe
Size: 242KB
MD5: febd4b99b0131d10d95e71e9ec1d2476
SHA1: 8d161b857215a037dcde09c9227d2784984f9fd8
SHA256: 16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc
SHA512: e112810667cbff52f5d82a17f7bf6274585511d020d050c9e457dc10308e651f8afad069765ae6f7d971ad771da20ee90162c5ed54490c2b255f7d324d049c13
Signatures:
IcedID First Stage Loader
Uses the VBS compiler for execution
Suspicious use of SetThreadContext

Target: z.ps1
Size: 74B
MD5: 971ae666b08904d27d0bc1ec89e2e675
SHA1: 2ae80407a83e75de19aedce5b1b2e6d2a11f8e34
SHA256: 1069f03121aa55c0bec9e7dd66e279f061bffba0a72519497531c5b5dd851fed
SHA512: f13bc4298fae46bdcb9451173268c2ea1c4d56e02881442303ecf94a30f81d21649922e05d88456f7e64500ed62b2da034bdd7a292ab69bf21ae543364965fb3
Signatures:
IcedID First Stage Loader
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
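The indicators in this report (the SHA256 of each target the sandbox flagged as IcedID, the C2 domain from the extracted config, and the "VBS compiler for execution" signature) turned into detection logic and run over telemetry. This is an added example, not part of the report and not the sandbox's own signature engine. The events are constructed for illustration and do not come from the behavioral runs; the BUILD_PARENTS list and the "vbc.exe with no compile arguments" heuristic are assumptions to tune per estate, not something the report states.

```python
"""Detection logic built from the indicators in the report above, run over
constructed process/DNS/network telemetry. Added example, not part of the
report or of the sandbox's signature engine."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Indicators taken from the report: SHA256 of each target the run flagged as
# IcedID, and the C2 domain from the extracted config (campaign 3714063495).
IOC_SHA256: Dict[str, str] = {
    "86ecbf142d41beffff01fdd56fb9c9786e2826cfe00593abeeb69162daf9d808": "Attachment.png.lnk",
    "16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc": "FwlRpmIPXx.exe",
    "1069f03121aa55c0bec9e7dd66e279f061bffba0a72519497531c5b5dd851fed": "z.ps1",
}
IOC_C2_DOMAINS: Set[str] = {"ritionalvalueon.top"}

# Assumption: parents from which a vbc.exe launch is a routine compile. Tune per estate.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


@dataclass
class Event:
    kind: str                  # "process", "dns" or "network"
    image: str = ""
    command_line: str = ""
    parent_image: str = ""
    sha256: str = ""
    query: str = ""            # dns: name queried
    dest_host: str = ""        # network: destination name (or IP if unresolved)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_like_real_compile(command_line: str) -> bool:
    """A genuine vbc.exe invocation carries sources, a response file (@file)
    or output options; a bare image path is the hallmark of a hollowed host."""
    for tok in command_line.split()[1:]:
        t = tok.strip('"').lower()
        if t.startswith("@") or t.startswith(("/out", "/target", "/t:", "-out", "-target")):
            return True
        if t.endswith(".vb"):
            return True
    return False


def domain_matches(name: str, blocked: Set[str]) -> bool:
    """Exact or subdomain match, case-insensitive, tolerating a trailing dot."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in blocked)


def detect(events: List[Event]) -> List[Dict[str, object]]:
    hits: List[Dict[str, object]] = []
    for i, e in enumerate(events):
        if e.kind == "process":
            if e.sha256.lower() in IOC_SHA256:
                hits.append({"event": i, "rule": "known-bad-hash",
                             "detail": IOC_SHA256[e.sha256.lower()]})
            if basename(e.image) == "vbc.exe":
                parent = basename(e.parent_image)
                if not looks_like_real_compile(e.command_line):
                    hits.append({"event": i, "rule": "vbc-no-compile-args",
                                 "detail": f"parent {parent}"})
                elif parent not in BUILD_PARENTS:   # lower fidelity: hand compile from a shell
                    hits.append({"event": i, "rule": "vbc-unusual-parent",
                                 "detail": f"parent {parent}"})
        elif e.kind == "dns" and domain_matches(e.query, IOC_C2_DOMAINS):
            hits.append({"event": i, "rule": "c2-dns", "detail": e.query})
        elif e.kind == "network" and domain_matches(e.dest_host, IOC_C2_DOMAINS):
            hits.append({"event": i, "rule": "c2-connect", "detail": e.dest_host})
    return hits


# Constructed telemetry (not from the sandbox run); "aa"*32 / "bb"*32 are placeholder hashes.
VBC32 = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
VBC64 = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
EVENTS = [
    Event("process", image=r"C:\Users\user\AppData\Local\Temp\FwlRpmIPXx.exe",
          command_line="FwlRpmIPXx.exe", parent_image=r"C:\Windows\explorer.exe",
          sha256="16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc"),
    Event("process", image=VBC32, command_line=f'"{VBC32}"',
          parent_image=r"C:\Users\user\AppData\Local\Temp\FwlRpmIPXx.exe", sha256="aa" * 32),
    Event("process", image=VBC64,
          command_line=r'vbc.exe /noconfig @"C:\Users\dev\AppData\Local\Temp\tmp1A2B.cmdline"',
          parent_image=r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
          sha256="bb" * 32),
    Event("process", image=VBC64, command_line="vbc.exe /target:exe /out:hello.exe hello.vb",
          parent_image=r"C:\Windows\System32\cmd.exe", sha256="bb" * 32),
    Event("dns", image=VBC32, query="ritionalvalueon.top"),
    Event("dns", image=r"C:\Program Files\Mozilla Firefox\firefox.exe", query="www.example.com"),
    Event("network", image=VBC32, dest_host="cdn.ritionalvalueon.top."),
]

if __name__ == "__main__":
    for h in detect(EVENTS):
        print(h)
```

The hash rule only catches these exact files, so it ages quickly; the C2 rule matches subdomains as well as the apex, which is where the value sits once the loader is rebuilt. The vbc.exe rule is the durable one: a compiler started with nothing to compile has no benign explanation, while a real compile from an unusual parent (the cmd.exe case above) is only worth a low-severity hit.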