General
-
Target
Setup_Win_14-12-2022_20-25-57.msi
-
Size
1.9MB
-
Sample
221214-ze8fbabb33
-
MD5
1108c1add09244f8615d6cc6539f9602
-
SHA1
a0c1bd208e3dfc0b928d6b06b3a7bd9fba43b15b
-
SHA256
b2675ac7e8e728ea6c6a23aa67f264e80913387c978252e43fbd3cbf41278f63
-
SHA512
21ba422893566afdbe2c0343d178d4c8bf7f752d1caf3e7c7203ed3eb192b64138b5d74265f53b4dae39952c48d464ec057e47706aa45438ad91a0aab9a96398
-
SSDEEP
49152:9r0nHD5a4/oyGe8EsuRMEl73hXNGzchfzYZppUQ:9r0jMDLshh
Malware Config
Extracted
icedid
1002085315
klepdrafooip.com
Targets
-
-
Target
Setup_Win_14-12-2022_20-25-57.msi
-
Size
1.9MB
-
MD5
1108c1add09244f8615d6cc6539f9602
-
SHA1
a0c1bd208e3dfc0b928d6b06b3a7bd9fba43b15b
-
SHA256
b2675ac7e8e728ea6c6a23aa67f264e80913387c978252e43fbd3cbf41278f63
-
SHA512
21ba422893566afdbe2c0343d178d4c8bf7f752d1caf3e7c7203ed3eb192b64138b5d74265f53b4dae39952c48d464ec057e47706aa45438ad91a0aab9a96398
-
SSDEEP
49152:9r0nHD5a4/oyGe8EsuRMEl73hXNGzchfzYZppUQ:9r0jMDLshh
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-