General
-
Target
2022-10-31-malware-and-artifacts-from-IcedID-infection.zip
-
Size
1.4MB
-
Sample
221115-qv9hwahh9s
-
MD5
269a6c866d215f2e076558c0a5e07c15
-
SHA1
c61f8c3fc4ab3eefba6c011b553457a16b2bda03
-
SHA256
0c379e7f59e89605eb70890dfeeb564ac64461fc8911031f15cbf5c4ace639e5
-
SHA512
971b5359657a45139619b97e8fe4dc7bb83a8fc0744472e2700f4a3e733422003f5e8ea21fdba4b6735d1acd848e1484f7be0b4624375d99e762b852b19d19d8
-
SSDEEP
24576:fvg8ia70j8/Czvte5KdBcZxtb8VHcAJcg9UjJNPhL3DhUtfYJDfpB0S1tuAfo70s:f48GY6zv45KsZXTI2J7mQdxWS1YAgPtL
Malware Config
Extracted
icedid
533886235
vgiragdoffy.com
Targets
-
-
Target
document_3_Oct31.iso
-
Size
1.6MB
-
MD5
3339890f086c12010a16cfe572cbb2b4
-
SHA1
947d4242281b0853c8c473b16c83f97e4587d06f
-
SHA256
043a13615bdfe7a7011f09b826a4a5f5597f8b8e4b9498c0807e67db9ad1ed88
-
SHA512
ad9338a17605c3e21441751304f7608893792a4562be65f4c4bec812f2626af5ffc15d54287e4587314f10f52fd7e5bb37a3667959dc43d55429615449b56aa2
-
SSDEEP
3072:2bK+nYMBh+aDMT7c5OdL6lxzs+M9EYr4gwsB/dNLB+hC:2bKYD+b5dyx904gRH+hC
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-