General
-
Target
09b0fbeb-d458-4be2-a28d-f0c04e6dc12b.html
-
Size
311KB
-
Sample
221219-crjw6aea93
-
MD5
0a42c0ac8ccaa95f63bc9b5d6ad0fb25
-
SHA1
f0e17f7a460d02d8e26896514a93bdb534acca5f
-
SHA256
702298b3f055f255f733cf92001e0223350b2dc63f276d53bc566a2074ab215c
-
SHA512
8e186e790749cc6c8246b0d83dd8fa68f53643edf0e37b649431f0e3b7b0e4fcf34ed2c1e66e1d9f8c69e41900ff34e2cde7256b0ed7ffe760e456f9544a84b3
-
SSDEEP
6144:RPXxPknMr0+J5LqWOv2BWTa2Xlx2HSem3N/DkSf3Yx1VJSxt+ooYuR7h:RPBuD+Hq3vyWO21eoAK3Yx3JSxcYe
Malware Config
Extracted
icedid
1268412609
ewgahskoot.com
Targets
-
-
Target
09b0fbeb-d458-4be2-a28d-f0c04e6dc12b.html
-
Size
311KB
-
MD5
0a42c0ac8ccaa95f63bc9b5d6ad0fb25
-
SHA1
f0e17f7a460d02d8e26896514a93bdb534acca5f
-
SHA256
702298b3f055f255f733cf92001e0223350b2dc63f276d53bc566a2074ab215c
-
SHA512
8e186e790749cc6c8246b0d83dd8fa68f53643edf0e37b649431f0e3b7b0e4fcf34ed2c1e66e1d9f8c69e41900ff34e2cde7256b0ed7ffe760e456f9544a84b3
-
SSDEEP
6144:RPXxPknMr0+J5LqWOv2BWTa2Xlx2HSem3N/DkSf3Yx1VJSxt+ooYuR7h:RPBuD+Hq3vyWO21eoAK3Yx3JSxcYe
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-