General
- Target: Invoice_1.zip
- Size: 1KB
- Sample: 220524-rkpw6aeac5
- MD5: 4eac8a53a85c042a04e1f1a2e3b7245a
- SHA1: 565fa82730dd6cab418774d763079ce5b077538a
- SHA256: 7d3c2904f263d62298d28e72ba40c6393797461e689c3f1c1ec7faf5367d0d9f
- SHA512: c555083edde4d129b667143edd001564e652515be302fd76eafb6a24ce8efbafba136d965f1ed829de90c525db6e478ec95f649a76f79e588e39e7145371f475
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice_1.lnk
- Resource: win7-20220414-en
Malware Config
- Extracted: https://conderadio.tv/09872574.hta
- Extracted: icedid, 109932505, ilekvoyn.com
Targets
- Target: Invoice_1.lnk
- Size: 2KB
- MD5: c00c67f3de031c5ae198ba0362b5dd01
- SHA1: 40f3b0263f8fccdf1fd5fe287dbd55829a8eddd6
- SHA256: d146c8bc52ec74b67704b30c0fb20995ba65770d191502f70c88c262dc44fc5d
- SHA512: 4944aa5947667500eddb4d7fed5b0a8eb4d14db1d60496fcbe38c4032511b04c92757807a23dff49353f5ee75a5ed44cc5de9ed7cdcd12b59a7b8c9214e227ad
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL