General
Target: 11.zip
Size: 162KB
Sample: 220831-bc1exsefem
Static task: static1

Behavioral task: behavioral1
Sample: Invoice_Aug-29_document45_unpaid/5.bat
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Invoice_Aug-29_document45_unpaid/5.bat
Resource: win10v2004-20220812-en

Behavioral task: behavioral3
Sample: Invoice_Aug-29_document45_unpaid/documents.lnk
Resource: win7-20220812-en

Behavioral task: behavioral4
Sample: Invoice_Aug-29_document45_unpaid/documents.lnk
Resource: win10v2004-20220812-en

Behavioral task: behavioral5
Sample: Invoice_Aug-29_document45_unpaid/sterli0p.dll
Resource: win7-20220812-en

Behavioral task: behavioral6
Sample: Invoice_Aug-29_document45_unpaid/sterli0p.dll
Resource: win10v2004-20220812-en

Malware Config
Extracted
icedid
2260774107
godenfasternow.com

Targets

Target: Invoice_Aug-29_document45_unpaid/5.bat
Size: 31B
Score: 10/10
Blocklisted process makes network request

Target: Invoice_Aug-29_document45_unpaid/documents.lnk
Size: 1KB
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: Invoice_Aug-29_document45_unpaid/sterli0p.dll
Size: 380KB
Score: 10/10
Blocklisted process makes network request