General
- Target: password.txt.lnk
- Size: 1KB
- Sample: 220623-tj9ahsgff7
- MD5: ee5dc8a66298685a6f6790e32e1a006b
- SHA1: 8bd4a8e15b8c097283b67dd8201ed41e01cbe794
- SHA256: 65e7327a6f3efb230a4d61966182f1d1c592aa222f4f820afaca6617680d09bd
- SHA512: 8c0164d4576959d7d474cd39545db1564e459f0ab55e51df601d132d6667b41e8751d236a3850934b0575ae9c1e09e230019609669276d36849da40400f0613c
- Static task: static1
- Behavioral task: behavioral1
- Sample: password.txt.lnk
- Resource: win7-20220414-en
Malware Config
- Extracted: https://wang-data-science.com/wp-content/themes/scapeshot/etest.hta
- Extracted: icedid
  3289900935
  ilzenhwery.com
Targets
- Target: password.txt.lnk
- Size: 1KB
- MD5: ee5dc8a66298685a6f6790e32e1a006b
- SHA1: 8bd4a8e15b8c097283b67dd8201ed41e01cbe794
- SHA256: 65e7327a6f3efb230a4d61966182f1d1c592aa222f4f820afaca6617680d09bd
- SHA512: 8c0164d4576959d7d474cd39545db1564e459f0ab55e51df601d132d6667b41e8751d236a3850934b0575ae9c1e09e230019609669276d36849da40400f0613c
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL