General
-
Target
Document_07-12-2022_20-09-12_PDF.msi
-
Size
1.2MB
-
Sample
221207-3cjkysbe2z
-
MD5
8b0c350a9acf409690db50979fa8628e
-
SHA1
fa2bc04d301093a448d78560f86ad9b60930027d
-
SHA256
99dfb7baafec050861e152a036af86fc0c7663f3c719d58a56dfd9f06f4b8cef
-
SHA512
01a685fb5a461261baaa15188565ca816712fe3b86a9776cc3b0941c4031a59b324d647446f88e0485d1b5ae60214bb35798341b24cc486fdc758cfec89d5bfc
-
SSDEEP
24576:wHL0tNrx5zH8h2q1ioC7ZTVVT+XirpTs7sx0QBnoNjla+idlpdIFyF3N0:wr0tNrxeB1BG/F+uTsAx0tlpidvdkyFC
Malware Config
Extracted
icedid
1234857371
ewgahskoot.com
Targets
-
-
Target
Document_07-12-2022_20-09-12_PDF.msi
-
Size
1.2MB
-
MD5
8b0c350a9acf409690db50979fa8628e
-
SHA1
fa2bc04d301093a448d78560f86ad9b60930027d
-
SHA256
99dfb7baafec050861e152a036af86fc0c7663f3c719d58a56dfd9f06f4b8cef
-
SHA512
01a685fb5a461261baaa15188565ca816712fe3b86a9776cc3b0941c4031a59b324d647446f88e0485d1b5ae60214bb35798341b24cc486fdc758cfec89d5bfc
-
SSDEEP
24576:wHL0tNrx5zH8h2q1ioC7ZTVVT+XirpTs7sx0QBnoNjla+idlpdIFyF3N0:wr0tNrxeB1BG/F+uTsAx0tlpidvdkyFC
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-