General
Target: notification_3672325.iso
Size: 52KB
Sample: 220711-tdgy3safbl
MD5: 5799938fddb486a8149c83e61368ee3e
SHA1: 137d14f74c137c21bd7547c91a27afb0d7b42073
SHA256: 5f878ecde76c4c587d911a4f2bbb6709cb6743f0137e5a22f36de9f2e533c703
SHA512: 808f5d3f3e8e023018a20d0a17342b1c301d4d8ea790e36c1ab98ce75f9234f8cfc3f0037d06daa777bf78ea7f20a9bcfa60a7f259c401e89f3ef91c1896ab27
Static task: static1
Behavioral task: behavioral1
  Sample: DATA/TEST1.ps1
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DATA/TEST1.ps1
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: NOTIFI~1.lnk
  Resource: win7-20220414-en
Malware Config
Extracted family: icedid
  177045904
  blionarywesta.com
Targets

Target: DATA/TEST1.PS1
Size: 255B
MD5: a8e41776e85fa2bb46d61569f05125b1
SHA1: 5bbbfb59f45046e8b28e0d8cbcda48362632f4cc
SHA256: 17765318d48aabc6b7e1811fce443ee283ce58c4c63db4156bfc5f9c36fc5ed2
SHA512: 75032782a96cd441770d14be97e1a2063c7bdf8fd078d5931213b3f9d3364c56496d12165941465f351bdb66ab47e6916ec96966f19ed6184f2eda3205b799e8
Signatures:
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL

Target: NOTIFI~1.LNK
Size: 1KB
MD5: 00f5104d4918972ad7c605428137f680
SHA1: a0a334485a670b459c5d752199dc186e46a36196
SHA256: 0f67ae6cfb884d170af88a69de9083231f713f468fee762002148f010fdf7f72
SHA512: ee20634ffc8b9256c0afba74bc975bba99a93fd0404fa578301e1bc838304aebf94afacc9f64b2dea587cdbb7aa043b995f8de8263f28d9fec7b96a15df4dccf
Signatures:
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL