General
-
Target
range_their.msi
-
Size
1.4MB
-
Sample
221214-tnzlwadc71
-
MD5
05b0f6ddd315e85d95038ade3d48f28a
-
SHA1
cb9aa99c2744b4fd1b755c9a3858df869645c24f
-
SHA256
4d47ae858358361c1620d6f0d083946944cffb4165ecc620522e6156d9009607
-
SHA512
44d1b19c4c5badb00622025e2426cb58ed2a084834ec3a3e49cefc7f64ce13dc9637e073af506faecc38eaa9a35c1b3886c3f87f08d41af4833771cdc4d8925b
-
SSDEEP
24576:wHL0kPEJnFbMyaRb8e1e96Pef7k0bNRjpB4dPURaH:wr0PJKyah/BPg1RaH
Malware Config
Extracted
icedid
3407323965
estrabornhot.com
Targets
-
-
Target
range_their.msi
-
Size
1.4MB
-
MD5
05b0f6ddd315e85d95038ade3d48f28a
-
SHA1
cb9aa99c2744b4fd1b755c9a3858df869645c24f
-
SHA256
4d47ae858358361c1620d6f0d083946944cffb4165ecc620522e6156d9009607
-
SHA512
44d1b19c4c5badb00622025e2426cb58ed2a084834ec3a3e49cefc7f64ce13dc9637e073af506faecc38eaa9a35c1b3886c3f87f08d41af4833771cdc4d8925b
-
SSDEEP
24576:wHL0kPEJnFbMyaRb8e1e96Pef7k0bNRjpB4dPURaH:wr0PJKyah/BPg1RaH
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-