General

  • Target

    Setup_Win_16-12-2022_16-47-34.msi

  • Size

    1.6MB

  • Sample

    221216-wgaehsaa2y

  • MD5

    392916da17e4ef4d8c88c778cf75db5a

  • SHA1

    1996bc54416273a26bf938a713f9f35a5aae68a8

  • SHA256

    e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a

  • SHA512

    4c554f32906b3ce50633628afac4a3984f8e5f4039f185d4d8d6d653aa35d6df2eae860d4a64a08e94c4cd4283d56e5118ab5447f2fa53b590ad1cde638b182d

  • SSDEEP

    24576:7HL0HvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:7r0YglMbr3SWpsWjRMMKIIDB/k

Malware Config

Extracted

Family

icedid

Campaign

1228806356

C2

klepdrafooip.com

Targets

    • Target

      Setup_Win_16-12-2022_16-47-34.msi

    • Size

      1.6MB

    • MD5

      392916da17e4ef4d8c88c778cf75db5a

    • SHA1

      1996bc54416273a26bf938a713f9f35a5aae68a8

    • SHA256

      e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a

    • SHA512

      4c554f32906b3ce50633628afac4a3984f8e5f4039f185d4d8d6d653aa35d6df2eae860d4a64a08e94c4cd4283d56e5118ab5447f2fa53b590ad1cde638b182d

    • SSDEEP

      24576:7HL0HvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:7r0YglMbr3SWpsWjRMMKIIDB/k

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks