General
-
Target
INV871623.iso
-
Size
496KB
-
Sample
220630-23yxwsbhfq
-
MD5
7890c93fc13ca9e643c738a11054ec86
-
SHA1
0e0f581e3b2b69d4cc139c84e2367ae5af53b5ae
-
SHA256
daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf
-
SHA512
7eb809eee53b1dc473b3b1ac21d1c08a6d9e86515d2cc43d970b70d9ba44aa8eb29e9e95e5a0521d5c28334ff5730c80a3f2bbfd4839c3de59ad5be9c2bd09d6
Static task
static1
Behavioral task
behavioral1
Sample
768327532892733679.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
768327532892733679.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
INV871623.txt.lnk
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
INV871623.txt.lnk
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
THjkgeCbhjm.ps1
Resource
win7-20220414-en
Malware Config
Extracted
icedid
1825398430
ciaontroni.com
Targets
-
-
Target
768327532892733679.dll
-
Size
424KB
-
MD5
92b73d78e901480734e937cc5a6c0c9d
-
SHA1
bc4c1a27ae6655bab4749a5fb4d5e6908ae1b563
-
SHA256
219d1bd045d7c3328184aba4842cc0d36acae7e835564d84ee2d8ffea94e4317
-
SHA512
85b9999a86f302b6ecf4519c1873eb20095a3700dd1d50f202cb3eae790cbeb21a36c770ae32768c9fa256168164b6b2e704a316cbcd199e31262aa2093c2bc6
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request
-
-
-
Target
INV871623.txt.lnk
-
Size
1KB
-
MD5
7c1073209e40cb0957e097eb86ae4d79
-
SHA1
fd8b3b87f44bfef8f5a7af23adf496b5494eaf01
-
SHA256
1202a0e6d4b0282bcade76291346b5b410f05e05c978c087147a4c2006d69b42
-
SHA512
ac6b78c0657388119e3c7d70c3b708ffbdc643965dcd9d11240b96110559b5e24409bc34921fa700bdeb39c16d37b40b6c1b83420f302137a46c84ca66e61406
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
THjkgeCbhjm.ps1
-
Size
69B
-
MD5
c7f314e4db039ed46f95c7747d3ecec9
-
SHA1
3d448506d12a2274424bb24ef9519472fdd5285c
-
SHA256
caf8215e7e34ce4d16a2e1ee7ad3089bc815d243f84e8e8dffc190983cebc441
-
SHA512
ce20bea4d6692996b29a9c22e5deb04fe5aa186a5235ee213dd19bdb962bff8cf618feec912b06c66b76c3830f8a36179e371680c28d89e5a865518e28161fdf
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request
-