Overview (overview): score 10
Static (static)
ET.lnk on windows7-x64: score 10
ET.lnk on windows10-1703-x64: score 10
ET.lnk on windows10-2004-x64: score 10
fumigating...es.cmd on windows7-x64: score 1
fumigating...es.cmd on windows10-1703-x64: score 1
fumigating...es.cmd on windows10-2004-x64: score 1
fumigating/erupt.dll on windows7-x64: score 3
fumigating/erupt.dll on windows10-1703-x64: score 3
fumigating/erupt.dll on windows10-2004-x64: score 3
fumigating...ty.cmd on windows7-x64: score 1
fumigating...ty.cmd on windows10-1703-x64: score 1
fumigating...ty.cmd on windows10-2004-x64: score 1
General
Target: EP49.vhd
Size: 2.0MB
Sample: 221208-rfjvcadb6y
MD5: 4c17da021097205a5b812d39ef04ad0e
SHA1: 127019c9ef422e50fc9c28f852843723a0a725bd
SHA256: 2052b4ce077f8a5e26656c804ddd1887dacf0e9839986b100eca73196db46086
SHA512: b87c91196ebe5e94c6f153c19b7299d884f4c54eef88031c9d70a59c9c13cadd781ac62876159cb5d81b69703f5a5dfc440533d5670e77a42a9d6cc9e0f84eff
SSDEEP: 6144:li1hK5FXCE+lDuLvguRzXGbMbmGFVR7N2DFx/kYWK4XDfAW2J//+777777Lw9oHn:shKC6Y0rh5O//E777777LwmqLzF3u
Static task: static1
Behavioral task behavioral1: sample ET.lnk, resource win7-20220901-en
Behavioral task behavioral2: sample ET.lnk, resource win10-20220812-en
Behavioral task behavioral3: sample ET.lnk, resource win10v2004-20220812-en
Behavioral task behavioral4: sample fumigating/actuaries.cmd, resource win7-20220812-en
Behavioral task behavioral5: sample fumigating/actuaries.cmd, resource win10-20220812-en
Behavioral task behavioral6: sample fumigating/actuaries.cmd, resource win10v2004-20221111-en
Behavioral task behavioral7: sample fumigating/erupt.dll, resource win7-20221111-en
Behavioral task behavioral8: sample fumigating/erupt.dll, resource win10-20220901-en
Behavioral task behavioral9: sample fumigating/erupt.dll, resource win10v2004-20221111-en
Behavioral task behavioral10: sample fumigating/perplexity.cmd, resource win7-20221111-en
Behavioral task behavioral11: sample fumigating/perplexity.cmd, resource win10-20220901-en
Behavioral task behavioral12: sample fumigating/perplexity.cmd, resource win10v2004-20221111-en
Malware Config
Extracted
icedid
3738574432
aslowigza.com
Targets

Target: ET.lnk
Size: 1KB
MD5: 4b80484dd006e1e0e88b4bd592e98da0
SHA1: 5aa3d12864a2db3179d6a5f66ac293c57a332cf4
SHA256: 999abe33ed3236e6e6a6864ab72b9e09ff9a4470783c746f068dea070020f147
SHA512: 0ee0127c0ace5cd14e0b7bc09def52f9ff7ea8f39826c8236d4a4543a38d229aed704208c3c0b9ee41ce6e50fc97287cbf5a395fbf8ce72e73c7c3c337ad2c64
Score: 10/10
  Blocklisted process makes network request
  Checks computer location settings: looks up country code configured in the registry, likely geofence.

Target: fumigating/actuaries.cmd
Size: 226B
MD5: 2d00a9d3868c4bacee48524f524d32e1
SHA1: ee4cd3aeea9945ba5e9596ad780bc0ae3c22fe18
SHA256: 94ef6e51baf0bd264f7bdfe8347872804da8c4e03720829a94487be9a936d2dc
SHA512: 7116471f6a07d94e42208836a056075c12c019fbfb4bc86f7fc092ed38b9824de45eeac2ddc6b5352a14fbdddbc19a39b4f4e89fc6ba641dd7b5c7efdf6bce7c
Score: 1/10

Target: fumigating/erupt.tmp
Size: 209KB
MD5: 952c6ae48b5f7cb5977f9ce5159944b7
SHA1: ec0ee94c0da39681e3ff7b78d2b1c6b63e76f9e5
SHA256: 898a12fb7193c8260e9a8b9afc177b34608a9eeb1b927b895d9033e86185757d
SHA512: dfa53c3224888e73d9728fcdf605c0eaad8ed96bfdd7276f44be25c2292756a1e1a504c50ca525227d23e42d7045120ceab7e8f0cd84e992997d9376a5857143
SSDEEP: 6144:z7N2DFx/kYWK4XDfAW2J//+777777Lw9oHMAqL4OF3u8:z5O//E777777LwmqLzF3u8
Score: 3/10

Target: fumigating/perplexity.cmd
Size: 286B
MD5: c9272f3098f5af0eb3179c5c764e5cd5
SHA1: fa991da35d87d491c373e1ea90500f885ceb645d
SHA256: 8821636bd9b82c303dc65dcfa986ee1d1b67463a84bfe940ee19d3dff86f2dcf
SHA512: 04f25f060ab5d4b4b64cd8afdfdff808056346a9a8f1c9bf13a7948874c9360b91f707b79b5f292e8fd2ca6f0111bfccef6eeef7a20c0411c6e1ea971eda7153
Score: 1/10