General
-
Target
7d35396b85f32777a8a70cbff172be4d037ec8609236d697a3ff4d0b76a8cdb4
-
Size
660KB
-
Sample
221207-vr3y5sfe24
-
MD5
ab21353bfd48417fc6ee294d83904b61
-
SHA1
6c7cfdc49060d361b2fdbe5a02c2372a290ee651
-
SHA256
7d35396b85f32777a8a70cbff172be4d037ec8609236d697a3ff4d0b76a8cdb4
-
SHA512
ed23c1548db2d40fbc69634876c6c12b105dbd8968498c971427dd1214a23429af48b3925066de79fc9c1fc70c6b6d212ca3d1d76baba6086c90bf559697fc64
-
SSDEEP
12288:rwHL0D7vkCPumy9chfA+tm5O//V777777LwmqLcQF3uI:cHL0f/zyt+E5OX63F3uI
Malware Config
Extracted
icedid
3451073236
aslowigza.com
Targets
-
-
Target
7d35396b85f32777a8a70cbff172be4d037ec8609236d697a3ff4d0b76a8cdb4
-
Size
660KB
-
MD5
ab21353bfd48417fc6ee294d83904b61
-
SHA1
6c7cfdc49060d361b2fdbe5a02c2372a290ee651
-
SHA256
7d35396b85f32777a8a70cbff172be4d037ec8609236d697a3ff4d0b76a8cdb4
-
SHA512
ed23c1548db2d40fbc69634876c6c12b105dbd8968498c971427dd1214a23429af48b3925066de79fc9c1fc70c6b6d212ca3d1d76baba6086c90bf559697fc64
-
SSDEEP
12288:rwHL0D7vkCPumy9chfA+tm5O//V777777LwmqLcQF3uI:cHL0f/zyt+E5OX63F3uI
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-