General
Target: FwlRpmIPXx.exe
Size: 242KB
Sample: 220325-vakfgafbbk
MD5: febd4b99b0131d10d95e71e9ec1d2476
SHA1: 8d161b857215a037dcde09c9227d2784984f9fd8
SHA256: 16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc
SHA512: e112810667cbff52f5d82a17f7bf6274585511d020d050c9e457dc10308e651f8afad069765ae6f7d971ad771da20ee90162c5ed54490c2b255f7d324d049c13
Static task: static1
Behavioral task: behavioral1
Sample: FwlRpmIPXx.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: FwlRpmIPXx.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
icedid
0
Extracted
icedid
3714063495
ritionalvalueon.top
Targets
Target: FwlRpmIPXx.exe
IcedID First Stage Loader
Uses the VBS compiler for execution
Suspicious use of SetThreadContext