Overview

Task                    Platform             Score
overview                -                    10/10
static                  -                    -
NGH39.iso               windows7-x64         3/10
NGH39.iso               windows10-2004-x64   3/10
FF.vbs                  windows7-x64         10/10
FF.vbs                  windows10-2004-x64   10/10
data.txt                windows7-x64         1/10
data.txt                windows10-2004-x64   1/10
swore/personalize.txt   windows7-x64         1/10
swore/personalize.txt   windows10-2004-x64   1/10
swore/pestle.txt        windows7-x64         1/10
swore/pestle.txt        windows10-2004-x64   1/10
swore/remounting.dll    windows7-x64         10/10
swore/remounting.dll    windows10-2004-x64   10/10

General
Target: NGH39.iso
Size: 708KB
Sample: 221118-w9rt9sbh42
MD5: 322d7cabfc5e30aab76e7b85c1182da0
SHA1: 96111fa837c73f4b25cb1d0c4a6809b8bc52ad4e
SHA256: fe04cf710700a364c38f52835fa222dc9dfd01002f1f1fdaf64cd758ce8f8c6b
SHA512: d6e9029329d9f3458388cb62a05a61cd113b42fd295406253bcf09d542d517bd42ac4bc145e7c99d4ebf6373e737874fdc13ccb2ff9265b46a0686df6fbb02b7
SSDEEP: 6144:mK81aGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1t:mts+9g9wBkX4Hp5uTBppLM
Static task: static1

Behavioral tasks

Task           Sample                  Resource
behavioral1    NGH39.iso               win7-20221111-en
behavioral2    NGH39.iso               win10v2004-20221111-en
behavioral3    FF.vbs                  win7-20221111-en
behavioral4    FF.vbs                  win10v2004-20220901-en
behavioral5    data.txt                win7-20221111-en
behavioral6    data.txt                win10v2004-20220812-en
behavioral7    swore/personalize.txt   win7-20220812-en
behavioral8    swore/personalize.txt   win10v2004-20221111-en
behavioral9    swore/pestle.txt        win7-20221111-en
behavioral10   swore/pestle.txt        win10v2004-20221111-en
behavioral11   swore/remounting.dll    win7-20220812-en
behavioral12   swore/remounting.dll    win10v2004-20220901-en
Malware Config

Extracted
Family: icedid
Campaign: 3822462527
C2: sciiultaelinoza.com
Targets

Target: NGH39.iso
Size: 708KB
MD5: 322d7cabfc5e30aab76e7b85c1182da0
SHA1: 96111fa837c73f4b25cb1d0c4a6809b8bc52ad4e
SHA256: fe04cf710700a364c38f52835fa222dc9dfd01002f1f1fdaf64cd758ce8f8c6b
SHA512: d6e9029329d9f3458388cb62a05a61cd113b42fd295406253bcf09d542d517bd42ac4bc145e7c99d4ebf6373e737874fdc13ccb2ff9265b46a0686df6fbb02b7
SSDEEP: 6144:mK81aGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1t:mts+9g9wBkX4Hp5uTBppLM
Score: 3/10

Target: FF.vbs
Size: 9KB
MD5: 1c4f6bbfd0f1ee596b90bb02b288d98e
SHA1: 7ca6d06613abc2ed4f6648b538c849ec309f14ce
SHA256: 9ec7e0b4390bc8ab72bf6b310d41fda82278e73e8d9d907a6b3dddde50b092b0
SHA512: 366fb895581cb2c7de7f6ceea548138bc15622e0a9f46acaa9acfbf2e6102debbcb323fe5ab867b3dc76ad147d0031637bd41db251a5220a0dcbfa537b34ef1a
SSDEEP: 192:teSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:g4pnrcpE4hpPCMhidmnGm80jWb4
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: data.txt
Size: 3B
MD5: f241176a4e2ae5d8dcdc32ef95083226
SHA1: b1442fdff89f64c13a38a2d35407a315a033577a
SHA256: 1fc61c2a8598b892e1aba390c70cde2c695f2c81abd5eeaadef902a9cf9d777e
SHA512: fbf2577597b6c861e41d419b5f1fb581b3568ab1c52c993552be1ef8881c360aa40b4c7c4fef52a6197bf46638ef71abc9989365546fc4c9c8aed381bfb0c334
Score: 1/10

Target: swore/personalize.txt
Size: 260KB
MD5: d874ce67de2b1fa668011615d933de6d
SHA1: 5347670534a0ec81801eebd98fc326c9c3f30c22
SHA256: de4db839a630a5d2c4bc3cffc92db37fee1b3ef03d0ad201daaf8a8573a41e9e
SHA512: 38ab254a4c9f271f521937ab83c98805dd189004d6a9472be5010434f80f81a211336b23ff5830b1c378f611727609b2bd6d13b3727664d7219de6e2fccaf7c9
SSDEEP: 3072:VMUkGEsLSvmaM3lzkTMYXQQkBTM3sJqM1rMY2ukQk0l2:VaGEoSvma0lgTxwBT0kqnYMXv
Score: 1/10

Target: swore/pestle.txt
Size: 277KB
MD5: df1d4260ab003551c55772ec4318c294
SHA1: 9e8a3c90933d4fd5e1d6f64e06d3a60a78ac42a0
SHA256: 1d13b655d1c8c275c1943badcaef5c56e2c47865d27dcaf9d6230809c05af2ff
SHA512: 6716f24008d08079809e10efaa971659d83902846c5184d0c2973238e2677bbc9436b25aae276ce118ec773fd02acc812750926d97f65d1c624a71c32781fa04
SSDEEP: 6144:q0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1b++BbXm/W6HB0lDE4KXplDVblD94:4Hp5uTBp2
Score: 1/10

Target: swore/remounting.temp
Size: 100KB
MD5: b235912cfba88b4729783cf45ffcdfec
SHA1: 96c2de06c29dbff408dd1503bbfb7339b51fd876
SHA256: 8abc47bd49bdccfc9db686068aec5732fc52fe7eb94907d96115867ab8b0d7a4
SHA512: 8a0a9b570442c7891ce86877a21615c794d83e7e79b2d0cadb158534d317d879d73b642a81608aa5f2bc96e4871c0fc6b93e6b7ee983ffb92cc5e0ce90de6c7c
SSDEEP: 1536:gZO05V5QA9tXrTMMv6OHKj2luFY0xS57B3l/ApekzDsw9BM8cpmSn0l7i59:mj/MM3A6XkbfcQin
Score: 10/10
Signatures:
- Blocklisted process makes network request
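The two 10/10 verdicts above (FF.vbs and the DLL in swore/) rest on behaviours the report names only by signature: a blocklisted process making a network request, and a lookup of the configured country code in the registry. The script below is an added detection example written for this page; it is not part of the Triage report or of any Triage tooling. It runs over a handful of constructed Sysmon-style events (process create, registry access, network connect, flattened to dicts and invented for the example, including the pids, the E: drive letter and the rundll32 export) and flags the chain a SOC engineer would expect from an ISO lure with this file layout: a script host started from a mounted ISO volume, rundll32/regsvr32 loading a file from that volume as a child of the script host, a read of the country-code registry value from that process tree, and an outbound connection from the tree. The registry path HKCU\Control Panel\International\Geo\Nation is an assumption about what "looks up country code configured in the registry" refers to; the report does not name the key. The C2 hostname in the sample events is the one the report extracted.

```python
"""Added detection example for this page (not part of the Triage report).

Flags the process chain expected from the ISO lure described in the report:
a script host launched from a mounted ISO volume, a DLL loader started from
that chain or pointed at the same volume, a read of the configured country
code in the registry, and an outbound connection from the chain. Input
events are constructed in a flattened Sysmon-like shape.
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}

# Assumption: the geofence check reads HKCU\Control Panel\International\Geo\Nation.
# The report only states that the sample "looks up country code configured in the registry".
GEO_NATION_SUFFIX = "\\control panel\\international\\geo\\nation"


def image_name(path):
    """Basename of a Windows image path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def references_volume(text, volumes):
    """True if any of the given drive letters (e.g. {"E:"}) appears as a path root in text."""
    text = text.lower()
    return any((v.lower() + "\\") in text for v in volumes)


def analyze(events, iso_volumes):
    """Return a list of (rule, pid, detail) findings for the ISO-launched process chain."""
    chain = set()       # pids belonging to the suspicious process tree
    findings = []
    for ev in events:
        pid, img = ev["pid"], image_name(ev["image"])
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            if img in SCRIPT_HOSTS and references_volume(cmd, iso_volumes):
                chain.add(pid)
                findings.append(("script_host_from_iso", pid, cmd))
            elif img in DLL_LOADERS and (ev["ppid"] in chain or references_volume(cmd, iso_volumes)):
                chain.add(pid)
                findings.append(("dll_loader_in_iso_chain", pid, cmd))
            elif ev["ppid"] in chain:
                chain.add(pid)  # any other descendant inherits the lineage
        elif ev["type"] == "registry":
            if pid in chain and ev["target"].lower().endswith(GEO_NATION_SUFFIX):
                findings.append(("geofence_registry_read", pid, ev["target"]))
        elif ev["type"] == "network":
            # Script hosts and DLL loaders beaconing out are suspicious on their own;
            # anything else is flagged only when it belongs to the chain.
            if pid in chain or img in SCRIPT_HOSTS | DLL_LOADERS:
                dest = ev["dest_host"] + ":" + str(ev["dest_port"])
                findings.append(("lolbin_network_connect", pid, dest))
    return findings


def chain_detected(findings):
    """True when launch, load and beacon are all present (the full 10/10 chain)."""
    rules = {rule for rule, _, _ in findings}
    return {"script_host_from_iso", "dll_loader_in_iso_chain", "lolbin_network_connect"} <= rules


# Constructed for this example: pids, the E: drive letter and the "#1" export are invented.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 3304, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "E:\FF.vbs"'},
    {"type": "process", "pid": 4188, "ppid": 4120, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe E:\swore\remounting.temp,#1"},
    {"type": "registry", "pid": 4188, "image": r"C:\Windows\System32\rundll32.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "pid": 4188, "image": r"C:\Windows\System32\rundll32.exe",
     "dest_host": "sciiultaelinoza.com", "dest_port": 443},
    # Benign noise that must not fire: the shell reads the same key, a browser goes online.
    {"type": "registry", "pid": 3304, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "pid": 5120, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "dest_port": 443},
]

if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS, {"E:"})
    for rule, pid, detail in found:
        print(f"{rule:24} pid={pid} {detail}")
    print("chain detected:", chain_detected(found))
```

The set of mounted ISO drive letters is passed in rather than inferred, because on a real host it comes from a separate source (Sysmon DriveLetter events, or the Microsoft-Windows-VHDMP / CD-ROM mount logs); the registry and network rules deliberately fire only for processes already tied to the chain, which is what keeps explorer.exe reading the same Geo\Nation value and an ordinary browser from producing alerts.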