General

Target: 7665626121.zip
Size: 231KB
Sample: 220701-z2wd9sced2
MD5: 48b9f560de83e668ac75ac6ebc6080b1
SHA1: 83c087516ed88dfd99079c781e109f49e8c86ff4
SHA256: c942a533bd1c751d840bcad0fcb2a0a8ef986ce1baf95bd10ca6937fcb18ed5e
SHA512: 0247fc3e640e4f275bc66e576f0c8d4f53f1a3a18640e0f99e9e73c20caf90fd0390c82bf4e00ad268e047352c65a1248d64da5644f71579e023acabd5bb5581
Static task: static1

Behavioral task: behavioral1
  Sample: daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf.iso
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf.iso
  Resource: win10v2004-20220414-en

Behavioral task: behavioral3
  Sample: 768327532892733679.dll
  Resource: win7-20220414-en

Behavioral task: behavioral4
  Sample: 768327532892733679.dll
  Resource: win10v2004-20220414-en

Behavioral task: behavioral5
  Sample: INV871623.txt.lnk
  Resource: win7-20220414-en

Behavioral task: behavioral6
  Sample: INV871623.txt.lnk
  Resource: win10v2004-20220414-en

Behavioral task: behavioral7
  Sample: THjkgeCbhjm.ps1
  Resource: win7-20220414-en

Behavioral task: behavioral8
  Sample: THjkgeCbhjm.ps1
  Resource: win10v2004-20220414-en

Behavioral task: behavioral9
  Sample: notice.txt
  Resource: win7-20220414-en

Behavioral task: behavioral10
  Sample: notice.txt
  Resource: win10v2004-20220414-en
Malware Config

Extracted: icedid
  1825398430
  ciaontroni.com
Targets

Target: daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf
  Size: 496KB
  MD5: 7890c93fc13ca9e643c738a11054ec86
  SHA1: 0e0f581e3b2b69d4cc139c84e2367ae5af53b5ae
  SHA256: daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf
  SHA512: 7eb809eee53b1dc473b3b1ac21d1c08a6d9e86515d2cc43d970b70d9ba44aa8eb29e9e95e5a0521d5c28334ff5730c80a3f2bbfd4839c3de59ad5be9c2bd09d6
  Score: 3/10

Target: 768327532892733679.dll
  Size: 424KB
  MD5: 92b73d78e901480734e937cc5a6c0c9d
  SHA1: bc4c1a27ae6655bab4749a5fb4d5e6908ae1b563
  SHA256: 219d1bd045d7c3328184aba4842cc0d36acae7e835564d84ee2d8ffea94e4317
  SHA512: 85b9999a86f302b6ecf4519c1873eb20095a3700dd1d50f202cb3eae790cbeb21a36c770ae32768c9fa256168164b6b2e704a316cbcd199e31262aa2093c2bc6
  Signatures:
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - Blocklisted process makes network request

Target: INV871623.txt.lnk
  Size: 1KB
  MD5: 7c1073209e40cb0957e097eb86ae4d79
  SHA1: fd8b3b87f44bfef8f5a7af23adf496b5494eaf01
  SHA256: 1202a0e6d4b0282bcade76291346b5b410f05e05c978c087147a4c2006d69b42
  SHA512: ac6b78c0657388119e3c7d70c3b708ffbdc643965dcd9d11240b96110559b5e24409bc34921fa700bdeb39c16d37b40b6c1b83420f302137a46c84ca66e61406
  Signatures:
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - Blocklisted process makes network request
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: THjkgeCbhjm.ps1
  Size: 69B
  MD5: c7f314e4db039ed46f95c7747d3ecec9
  SHA1: 3d448506d12a2274424bb24ef9519472fdd5285c
  SHA256: caf8215e7e34ce4d16a2e1ee7ad3089bc815d243f84e8e8dffc190983cebc441
  SHA512: ce20bea4d6692996b29a9c22e5deb04fe5aa186a5235ee213dd19bdb962bff8cf618feec912b06c66b76c3830f8a36179e371680c28d89e5a865518e28161fdf
  Signatures:
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - suricata: ET MALWARE Win32/IcedID Request Cookie
  - Blocklisted process makes network request

Target: notice.txt
  Size: 366B
  MD5: 8054a00a327955bb34ef9d930dc19a20
  SHA1: 7445f99b93469efb9bd5746cf5c4520f25894150
  SHA256: d82a953766e7951c5c49923cdd361377e17d3bb6b321416766344ceb3a6ac165
  SHA512: 8f0359ab757551af5e8feb7857d3434fdffab0f7f9c26cefcf0fac0dc6d5e31b163aefc75252b340fe7eaeafea6677e894ef5958177680a617bde232a00a58e9
  Score: 1/10