General
-
Target
Invoice.lnk
-
Size
178KB
-
Sample
220706-wl7wkshgg2
-
MD5
c29d6fc092698aafe01ece64da57254f
-
SHA1
523e8303f8d6853ef499b742ef5e9d7485803a88
-
SHA256
d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae
-
SHA512
fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.lnk
Resource
win7-20220414-en
Malware Config
Extracted
http://comradespoon.com/5h.hta
Extracted
icedid
1487191074
vneastruzz.com
Extracted
http://comradespoon.com/5h.hta
Targets
-
-
Target
Invoice.lnk
-
Size
178KB
-
MD5
c29d6fc092698aafe01ece64da57254f
-
SHA1
523e8303f8d6853ef499b742ef5e9d7485803a88
-
SHA256
d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae
-
SHA512
fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-