General
-
Target
7092d744817b17348172c00fe2bc3710794688fe34e200c9c4e7ab6d3ecfda02.zip
-
Size
731KB
-
Sample
221214-g68laahc86
-
MD5
cb342cbe41e4892c0120c04078e57620
-
SHA1
f5e91c14e40545dc98f677a01a44590c672884ef
-
SHA256
7092d744817b17348172c00fe2bc3710794688fe34e200c9c4e7ab6d3ecfda02
-
SHA512
0f53e59c3b4bd7d6ffa2f6b6195e70b3fa09c7b87fbefd4b680a9f6a70b9cdb06c69fd32cc4f80c91b6dd3383e997ed2869f16961fc579cff07885dcb5ac39cf
-
SSDEEP
12288:vvIqfXVQR4AVIRbV1ppF9LT1Q5elKUbjGQN/q1Coz0DW9U9RFtI:Y2VQRDCbVTpFxTi54KAjllABzsWq9/u
Static task
static1
Behavioral task
behavioral1
Sample
soon_even.msi
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
soon_even.msi
Resource
win10v2004-20221111-en
Malware Config
Extracted
icedid
3407323965
estrabornhot.com
Targets
-
-
Target
soon_even.msi
-
Size
1.4MB
-
MD5
e97dda068d2b38835208a41cadad4740
-
SHA1
67adf8ec8479b8132f7a999f7d7556481d584208
-
SHA256
ebd022c7fed376881b90383028b0a6b18bc68f068cab5b4dadc57690612952e7
-
SHA512
8da4eff36676d8ed7cf13c0da0a853e19d54eaeb3c3d3ee4cb7945e1db4582fbb879838f91660a6a53f88ac29c12c633e88d713a92152d8116ea3fe6ee0ff634
-
SSDEEP
24576:nHL0HPEJnFbMyaPb8e1e96Pef7k0bNRjpB4dPURaZ:nr0MJKyaT/BPg1RaZ
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-