General
Target: for_you_presentation-130722.32601.iso
Size: 3.0MB
Sample: 220718-ja8braada4
MD5: 2ffc6ae4b3c06499087fe6d134c614a7
SHA1: f1c974b9524aa5f1444c96d1bb88958084472eb1
SHA256: 7c161ef5ec016e2c03993049c45202d34f932d2f487140f594b34c9bf172c0e0
SHA512: e02a384ba5b373b54275ffe5df9a6fa72913b4687e959bf95d4943759864d310297fa7696b847d0c24a7cc5d211a0dfb2140c06dc47ad309f5d43943015c4aa2
Static task
static1
Behavioral task
behavioral1
Sample: for_you_presentation-130722.32601.png.lnk
Resource: win7-20220414-en
Behavioral task
behavioral2
Sample: for_you_presentation-130722.32601.png.lnk
Resource: win10v2004-20220715-en
Behavioral task
behavioral3
Sample: q4Ya8I9o.dll
Resource: win7-20220414-en
Malware Config
Extracted
icedid
277711618
bransfortrionaf.com
Targets
Target: for_you_presentation-130722.32601.png.lnk
Size: 1KB
MD5: 9cc841b8b2fed39c1467089541c6b5b7
SHA1: d7ac54640ee909dceb40e38a6a5d9f47921467c3
SHA256: 160b4af6b508486b529707e2c9324981485867a333d799ca5ea812af1011c549
SHA512: 5b933f9249b2c4582c74cb0dea54305079a81c719eda9ec9181185c7f597573462470e5531659b841912349e22db68192994a8fb4b65dea788c61d6397b5fad3
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Target: q4Ya8I9o.dll
Size: 59KB
MD5: d314dad3bc7544a407253a06c9e7b4c0
SHA1: 6f261032bc2ec8ee50981e3c52a112a07a5da6e0
SHA256: dd0f3f7c40ccc4f8fbe921e8b7db1f9d35a75a686e4ed7b06af52a791364a899
SHA512: a12770ad99955236436489c22b38e02daa3a21900ced2c38f653c2a2c9e469aa8ff08923f40054440f0841cd3e553c475404a74c17b77f4df0f674e6950579d0
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request