General
-
Target
e14269e16117e64c180649fea1f8ff5d25f63f9c937d9d78efb1003323ba7c5c.zip
-
Size
194KB
-
Sample
221005-z9agrsffh2
-
MD5
7954b769a66acd1ec066d2d71a947abc
-
SHA1
f8b67b21417621dd827e999f953e40089f4ae1b9
-
SHA256
7d487198a8e8fa2c6cc36f7da49c5a4213aab8d54c15df33dcf19c1f5f65205e
-
SHA512
401fbb87052e127d5f91081ba591015cb7380f261da2d89f21df012fd53e71e8e5d74625ce8cfa446e7757ff7fc1107abb90eceab7b5596571dc4584f15edab9
-
SSDEEP
3072:LMAQoikAx2Ikm+4n+j2qrGVKyUBJXOWo7VvWSDYxZBJJJn4WEtfPWwsGq5/DIZ:LMOixTPnnQrGgy5Z7VZEp4WEQwsGq5o
Malware Config
Extracted
icedid
2348925224
fireskupigar.com
Targets
-
-
Target
e14269e16117e64c180649fea1f8ff5d25f63f9c937d9d78efb1003323ba7c5c.zip
-
Size
193KB
-
MD5
6eefc99b23548e11ea7de61db0635a4d
-
SHA1
c9a9de5b21ca6d47b5004cc999786d5510eae755
-
SHA256
e14269e16117e64c180649fea1f8ff5d25f63f9c937d9d78efb1003323ba7c5c
-
SHA512
938391a4677b2bc0e81e1f426494686d34a0bedaed4a802827783b2d54c8b8a54b8f5a2580d1e4fab7327396cde21d7f436aaaff3ef6db5fef73961c1d526f2c
-
SSDEEP
6144:S1voXVVNDuxbHFNstRaEnZbZVmKpShavR:SmX3NDocEEb7meShavR
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-