General
-
Target
f677d2fffd8bce6f18a28b156c937e1e28a83bb2a29e2470e76d9314c2168678.msi
-
Size
720KB
-
Sample
221207-z5crbsgb79
-
MD5
123e08900a96c6f2f8edf6f7c8658436
-
SHA1
da2ab9ffa5011065e3caf4a6ee539790e514ab2f
-
SHA256
f677d2fffd8bce6f18a28b156c937e1e28a83bb2a29e2470e76d9314c2168678
-
SHA512
9c43da596de9b358798adb049e87c02ff13641d4b6f5449d1f9f94b50c798f45a30cc4ef7086102deb22027b4c6366b888981ac68c3d998685332c2b021ae9f8
-
SSDEEP
12288:mwHL0D7BkCPumy9chfA+tk8B0igC+/NHBQ1SdwS:PHL0R/zyt++8BtZKBmS+
Malware Config
Extracted
icedid
787509923
kamintrewftor.com
Targets
-
-
Target
f677d2fffd8bce6f18a28b156c937e1e28a83bb2a29e2470e76d9314c2168678.msi
-
Size
720KB
-
MD5
123e08900a96c6f2f8edf6f7c8658436
-
SHA1
da2ab9ffa5011065e3caf4a6ee539790e514ab2f
-
SHA256
f677d2fffd8bce6f18a28b156c937e1e28a83bb2a29e2470e76d9314c2168678
-
SHA512
9c43da596de9b358798adb049e87c02ff13641d4b6f5449d1f9f94b50c798f45a30cc4ef7086102deb22027b4c6366b888981ac68c3d998685332c2b021ae9f8
-
SSDEEP
12288:mwHL0D7BkCPumy9chfA+tk8B0igC+/NHBQ1SdwS:PHL0R/zyt++8BtZKBmS+
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-