General

Target: StolenImages_Evidence.zip
Size: 224KB
Sample: 220528-thttfachf8
MD5: f00d39fd361eea5a1c049463c441d4d3
SHA1: 05efed085bd50df4384159c1c51d73e9ff6918d0
SHA256: ebdd0354f227a3631513d26322e4c104af8622571ed1e735e48bf297834625e6
SHA512: b3eb0fb0b2f84237f80520a8e4f8f19edfefdd092d66e3daccfa111ac0230d4348d9a7518ba50a95ccf883d6b3d679fd71a63c748d1cb3adaf0b803a02405997
Static task: static1

Behavioral task: behavioral1
Sample: documents.lnk
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: documents.lnk
Resource: win10v2004-20220414-en

Behavioral task: behavioral3
Sample: textins.dll
Resource: win7-20220414-en

Behavioral task: behavioral4
Sample: textins.dll
Resource: win10v2004-20220414-en
Malware Config

Extracted: icedid
3333102921
reapetzold.com
Targets

Target: documents.lnk
Size: 1KB
MD5: d61780458f992bdf77fe625dd1565e6c
SHA1: 2dd14846649ebf8bd9ca7ae300087d021668bab9
SHA256: e160ad95d3c45196a978965356fbaad470f2e04c6dfdc62db94bcb9cf08c3a81
SHA512: 7d376ee7d7d56295161af628e6b2922afa3886d05d99569f79910dce168309702f0a80e9498db465d685b2dd94fef91e0ba2c3a0d19d343d7f2e0c140e0b7c07

suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Target: textins.dll
Size: 393KB
MD5: 77d0d73564f14e1cb23f57be1ab973b7
SHA1: f6cff28fcda4239d35bdb11f3d0d1ead273a5d6e
SHA256: 015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37
SHA512: 05996a83b22c82431dd1bcfba99e5da6a46c1f740780be33852af6f71d6216f22140583d8eee42a43cf5c2cebccba1428cd41e23d316cf5734b92416e0a6a60a

Score: 1/10