General
-
Target
75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67
-
Size
1.4MB
-
Sample
221213-wjhtnsaa3v
-
MD5
8b5b12a30a087fbba3b14665a8951b1d
-
SHA1
b4cb2e10c0d4144f662d70f1635f31037f6db8c8
-
SHA256
75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67
-
SHA512
93465a3fa6874f5bc51a1442b724bdfa5d8af576211506c55dd4af02e3d5dacd7004f84ddd835e609bdf3cd119edfee6666507bacee3e799f9e12179bbfbc08e
-
SSDEEP
24576:BHL0lPEJnFbMyawb8e1e96Pef7k0bNRjpB4dPURad+J:Br0yJKyaC/BPg1Rad+
Malware Config
Extracted
icedid
1010550214
estrabornhot.com
Targets
-
-
Target
75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67
-
Size
1.4MB
-
MD5
8b5b12a30a087fbba3b14665a8951b1d
-
SHA1
b4cb2e10c0d4144f662d70f1635f31037f6db8c8
-
SHA256
75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67
-
SHA512
93465a3fa6874f5bc51a1442b724bdfa5d8af576211506c55dd4af02e3d5dacd7004f84ddd835e609bdf3cd119edfee6666507bacee3e799f9e12179bbfbc08e
-
SSDEEP
24576:BHL0lPEJnFbMyawb8e1e96Pef7k0bNRjpB4dPURad+J:Br0yJKyaC/BPg1Rad+
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-