General
-
Target
soon.msi
-
Size
1.4MB
-
Sample
221219-2n3mjagc74
-
MD5
303b59a952508e0bb83dce110f531ce1
-
SHA1
be036b4b707553694268f876d97c071782c09ce7
-
SHA256
05adcd44c155d9bde8704c6f886889127769f6f3a5b1af23d78e95d9cd402afb
-
SHA512
ce3a9161e8aeb3ef46a5ba04c273aaa44ea977f5a6c90c9696c95c5efc5ce8a960c381944984881da8c51bb2435e207bfa00d9e2902de9a59cc153a1dc1f5901
-
SSDEEP
24576:GHL0mPEJnFbMyaNb8e1e96Pef7k0bNRjpB4dPURa8:Gr05JKya1/BPg1Ra8
Malware Config
Extracted
icedid
3407323965
estrabornhot.com
Targets
-
-
Target
soon.msi
-
Size
1.4MB
-
MD5
303b59a952508e0bb83dce110f531ce1
-
SHA1
be036b4b707553694268f876d97c071782c09ce7
-
SHA256
05adcd44c155d9bde8704c6f886889127769f6f3a5b1af23d78e95d9cd402afb
-
SHA512
ce3a9161e8aeb3ef46a5ba04c273aaa44ea977f5a6c90c9696c95c5efc5ce8a960c381944984881da8c51bb2435e207bfa00d9e2902de9a59cc153a1dc1f5901
-
SSDEEP
24576:GHL0mPEJnFbMyaNb8e1e96Pef7k0bNRjpB4dPURa8:Gr05JKya1/BPg1Ra8
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-