General
Target: 8582729284.zip
Size: 720KB
Sample: 221213-whjpksaa3t
MD5: ce691a917ae5d9b6885af7b5d243cef8
SHA1: 65e306f754255c9fb659b1196acb27bfd6b76a80
SHA256: 7d6c5cdb5d612d9a8eba3312fae5f97f558a14d9f582042f54fbefdd6fd5b762
SHA512: a96b18d5e55de2ed11575727618a6a72a55ea51ac65ae829b6832ba9462b360c1a3e9df0db2e15e8b773cc755f791074c44ce55912708d3dd9ddcb62ff32655e
SSDEEP: 12288:7BpFgi0m1K4yIEX5344vpu3U9l4CCtmfG0Y8BZ2WPXJoPRuABxFjuXHQtYRIi5mE:PFNLSJ34+tCtaG0YIZlXJWu3QtJic3b0
Static task: static1
Behavioral task: behavioral1
  Sample: Setup_Win_13-12-2022_17-31-38.msi
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Setup_Win_13-12-2022_17-31-38.msi
  Resource: win10v2004-20220812-en
Malware Config
Extracted
icedid
1010550214
estrabornhot.com
Targets
Target: Setup_Win_13-12-2022_17-31-38.msi
Size: 1.4MB
MD5: 8b5b12a30a087fbba3b14665a8951b1d
SHA1: b4cb2e10c0d4144f662d70f1635f31037f6db8c8
SHA256: 75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67
SHA512: 93465a3fa6874f5bc51a1442b724bdfa5d8af576211506c55dd4af02e3d5dacd7004f84ddd835e609bdf3cd119edfee6666507bacee3e799f9e12179bbfbc08e
SSDEEP: 24576:BHL0lPEJnFbMyawb8e1e96Pef7k0bNRjpB4dPURad+J:Br0yJKyaC/BPg1Rad+
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.