General
-
Target
document_133_invoice#PDF.zip
-
Size
393KB
-
Sample
221206-x3scwsfd32
-
MD5
8d14aba904ff0e82dc0cd0c2e0c00239
-
SHA1
174e5114aa8170f5a8993555c0d42e53a7d7e78f
-
SHA256
773ffc701c7f24953e6126c129d29b1548aa92568087bcf3232bd0c8b838f8fb
-
SHA512
a86f6100e828533c51c01cf6ddf77b3d682a864a04da3644fb4396d522769058258d31c28aa682cfcc89698c77c483a8bf1182572e1f758b74c036517b0efc50
-
SSDEEP
12288:UHncIO7EXQaP1Yxe9UXQwfB3yKC981876+WK:UHcncQAFtHKm862HK
Malware Config
Extracted
icedid
764376559
saintrefunda.com
Targets
-
-
Target
document_133_invoice#PDF.msi
-
Size
660KB
-
MD5
76bf2b13ab0bdb12c1b8fc474fb9984e
-
SHA1
8c90ecad73788a40c93ca6a6411c79c581216cee
-
SHA256
070f9169977c766c426e9c1a8161a40f54a068ef7cc1c3090d226e87dc890095
-
SHA512
8945defdd78c03c0e62ac636657835e70210afba5ade7a8f9eab8c6725371b30a9ad26820ed57a0d7fe2b5af6bf2ab18a06ed6adb35c6203ae0dfd1057fd01be
-
SSDEEP
12288:nwHL0D7CkCPumy9chfA+tO5O//M777777LwmqLuSgF3u:wHL0S/zyt+M5OX/qtF3u
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-