General
-
Target
Invoice_2867_Dec9.html
-
Size
311KB
-
Sample
221212-srb5babf75
-
MD5
94cf57ab21b2b3b5a1a8ebe0961c4cbb
-
SHA1
c5fd6588be10e48e26c2971289f0c93b77100e9c
-
SHA256
8b321cb5357bad59a0545c1d4f9649fa1171062c10de53ea71564cb5a75933ee
-
SHA512
48d1bc5c70dcc46bfee0fb47be2dbd88a289933d831c6fcb22eb98aee546968c3fe2b6e897835277a8c82770bda4b633d04e4f427c04f8498ad9df6acd298a69
-
SSDEEP
6144:QnTl5uEVdV/hGNcXfHHavj3mb21BbmM3HSem3N/DkSf3Yx1VJSxt+ooYupT:QzV/sNqfHWm6BbmkoAK3Yx3JSxcYW
Malware Config
Extracted
icedid
1268412609
ewgahskoot.com
Targets
-
-
Target
Invoice_2867_Dec9.html
-
Size
311KB
-
MD5
94cf57ab21b2b3b5a1a8ebe0961c4cbb
-
SHA1
c5fd6588be10e48e26c2971289f0c93b77100e9c
-
SHA256
8b321cb5357bad59a0545c1d4f9649fa1171062c10de53ea71564cb5a75933ee
-
SHA512
48d1bc5c70dcc46bfee0fb47be2dbd88a289933d831c6fcb22eb98aee546968c3fe2b6e897835277a8c82770bda4b633d04e4f427c04f8498ad9df6acd298a69
-
SSDEEP
6144:QnTl5uEVdV/hGNcXfHHavj3mb21BbmM3HSem3N/DkSf3Yx1VJSxt+ooYupT:QzV/sNqfHWm6BbmkoAK3Yx3JSxcYW
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-