General
-
Target
IRS_Form-12-09#190.iso
-
Size
1.8MB
-
Sample
221212-szalfsbg25
-
MD5
6c9e3fb476ed918865649c003308b614
-
SHA1
6eff37754b16fec4da00742aca1e68f286c9a7c4
-
SHA256
722018f7c9ae47ffa1e6372e8134b35cd1598cfc40935172222beb56d7ebefff
-
SHA512
2f31aa660b7217619405503a48a5ef84fdcf746cde8bc15d5230b2294c0eaaa40cdc5df8e743fcecb30214c2c537a8cc913623405e02e6df56e4540a34d77b2c
-
SSDEEP
24576:g0zID/kJAHL/WPXoPcTPbgrQlRNKIg8g:g0u/WPXoPcTPbgrQlRNKIg8g
Malware Config
Extracted
icedid
1268412609
ewgahskoot.com
Targets
-
-
Target
IRS_Form-12-09#190.iso
-
Size
1.8MB
-
MD5
6c9e3fb476ed918865649c003308b614
-
SHA1
6eff37754b16fec4da00742aca1e68f286c9a7c4
-
SHA256
722018f7c9ae47ffa1e6372e8134b35cd1598cfc40935172222beb56d7ebefff
-
SHA512
2f31aa660b7217619405503a48a5ef84fdcf746cde8bc15d5230b2294c0eaaa40cdc5df8e743fcecb30214c2c537a8cc913623405e02e6df56e4540a34d77b2c
-
SSDEEP
24576:g0zID/kJAHL/WPXoPcTPbgrQlRNKIg8g:g0u/WPXoPcTPbgrQlRNKIg8g
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-