General
-
Target
CA20.vhd
-
Size
2.0MB
-
Sample
221208-r7jcwsdc6w
-
MD5
c4399bd59becad5e7bdc2cfceb32e9b1
-
SHA1
5dcab70ea4339609049e553822948614d0a07d64
-
SHA256
4aeff5a6879a17784d3765643eec3fc70efc6cbbeb469de29cda8f9b9d3a8138
-
SHA512
ea517cac6097e552e7ad5ec8a8a89d2082ee479a3be497e7f786984feac08686817fd2ce9e455abdd12baeafc1190edbe51e97fa1cf585bea87ff2b805f73426
-
SSDEEP
6144:67N2DFx/kYWK4XDfAW2C//+777777Lw9oHMAqLa8F3u:65O//r777777LwmqLbF3u
Static task: static1
Behavioral task: behavioral1; Sample: ET.lnk; Resource: win7-20220812-en
Behavioral task: behavioral2; Sample: ET.lnk; Resource: win10-20220812-en
Behavioral task: behavioral3; Sample: ET.lnk; Resource: win10v2004-20220812-en
Behavioral task: behavioral4; Sample: developer/becoming.cmd; Resource: win7-20220812-en
Behavioral task: behavioral5; Sample: developer/becoming.cmd; Resource: win10-20220812-en
Behavioral task: behavioral6; Sample: developer/becoming.cmd; Resource: win10v2004-20220901-en
Behavioral task: behavioral7; Sample: developer/inhales.cmd; Resource: win7-20220812-en
Behavioral task: behavioral8; Sample: developer/inhales.cmd; Resource: win10-20220901-en
Behavioral task: behavioral9; Sample: developer/inhales.cmd; Resource: win10v2004-20220812-en
Behavioral task: behavioral10; Sample: developer/nevertheless.dll; Resource: win7-20221111-en
Behavioral task: behavioral11; Sample: developer/nevertheless.dll; Resource: win10-20220901-en
Behavioral task: behavioral12; Sample: developer/nevertheless.dll; Resource: win10v2004-20221111-en
Malware Config
Extracted
icedid
3738574432
aslowigza.com
Targets
-
Target
ET.lnk
-
Size
1KB
-
MD5
02f57b1af9c0719d29175743a380e724
-
SHA1
de0f7e98cb9fffd835601f32b671778fe8e6cb7b
-
SHA256
54ea0e71bfa44198d69f3f08e3e6a21545034922c8d42b25ac698985be076133
-
SHA512
4ae240b7dcf6a0263bf9b7669ff52d73d3bd03e47f93c4a44785876ba57865867eceeed8fe8fdb1427ab9c65711256b81f7f51f63ec67653fa88314c57809705
Score 10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Target
developer/becoming.cmd
-
Size
179B
-
MD5
5c4455e3aea061007547c64dfdf4e626
-
SHA1
548be0c159d50e29d8297b4891d392a4cd17eff2
-
SHA256
a51e88173b9e832a814df852206975d0186dd310e2313f3fade232b4f029b152
-
SHA512
9373a47fe306f8328fd48f88b438140a9ded37d5f151bad3d6fc9d1d5e7f9ec07a84528ccb17c90549203cd98c716c6c10b9352f007f0eab1f443b67cb6e6ca0
Score 1/10
-
Target
developer/inhales.cmd
-
Size
299B
-
MD5
a662b1f12e5002dff7fb755cd8c091c1
-
SHA1
6c8dd732a29e9ebf36b2fc43a08abe4a5db922ca
-
SHA256
a6b5db682703730d7f1a64f9cbe2386bae8c6b2af31549e83eba2458b0db9345
-
SHA512
ed525bc09479a0c934997c53713f6d789a7cc43f18cc71424bf0d3e498d4f4c4dff64f534078e9aac165ffebc1db6e717cf50e56502ecbb0c8964235082b3102
Score 1/10
-
Target
developer/nevertheless.tmp
-
Size
209KB
-
MD5
bc47f431d704a935bdd20d65aceab8df
-
SHA1
9729b10dde412058d36636a7522996651aaabe9f
-
SHA256
4125a812e9d57cce27ab819705a96634ec91ce23cf7dc2c36e82ba15ec4fe184
-
SHA512
96c49bd4204c7501ddc08cc39d0a7930636d22a435501fefa8d8de89a70a568ae74e76afe3575464812555f7ef8f77c31e87cb477cf4cf47a38620b453e84f59
-
SSDEEP
6144:s7N2DFx/kYWK4XDfAW2C//+777777Lw9oHMAqLa8F3u8:s5O//r777777LwmqLbF3u8
Score 3/10