General
Target: build-064.msi
Size: 720KB
Sample: 221212-vv5l5sca43
MD5: 4b5e7a1fbd90cd678b8648ff34de5813
SHA1: efa480263a6d2bf167592b04bd64e0ebe5685318
SHA256: f0bd3ee5f750d9bff17c13acfcdd96ab42e194319d766053104dee666b58e7bb
SHA512: f19664821059994e7e7f07dec13eb61a87ee1b138bb5344c14909bed8315cc27946414f47fbcd011a0a569203542114434fe9a5f9f02bacb101605459f4e4dde
SSDEEP: 12288:/wHL0D7MkCPumy9chfA+tC8B0igC+/NHBT1SMut:YHL08/zyt+Q8BtZKBRSZ
Static task: static1
Behavioral task: behavioral1
Sample: build-064.msi
Resource: win7-20221111-en
Malware Config
Extracted
icedid
787509923
kamintrewftor.com
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-