General
-
Target
ad0b597f-8472-47ba-acbc-3f1f230c4368.html
-
Size
311KB
-
Sample
221219-cwd7gaea97
-
MD5
04b6f6cdda4411c45038f328824a9380
-
SHA1
2cd6065d6b38c8f3be00dd0f69794840cb1cc1dd
-
SHA256
e3ca823e3e4f5df33fcb5edb04843bdb44a81815935cf83be69e09e44019d419
-
SHA512
602858c0abb0e6d27e41f88f3b8eab4e1fcc7f9e52721460f64f71b05a6ace8997ae718f5f53764e2d9c383b7ee78a4b5b0e090abcf0de9bc00d495e40df548c
-
SSDEEP
6144:tvWj6cKrpS3b0M7wVY80a+PnHzjiWNANF0PtpRSem3N/DkSf3Yx1VJSxt+ooYuuH:t66cKrQdna+vHzjikAeTRoAK3Yx3JSx7
Malware Config
Extracted
icedid
1268412609
ewgahskoot.com
Targets
-
-
Target
ad0b597f-8472-47ba-acbc-3f1f230c4368.html
-
Size
311KB
-
MD5
04b6f6cdda4411c45038f328824a9380
-
SHA1
2cd6065d6b38c8f3be00dd0f69794840cb1cc1dd
-
SHA256
e3ca823e3e4f5df33fcb5edb04843bdb44a81815935cf83be69e09e44019d419
-
SHA512
602858c0abb0e6d27e41f88f3b8eab4e1fcc7f9e52721460f64f71b05a6ace8997ae718f5f53764e2d9c383b7ee78a4b5b0e090abcf0de9bc00d495e40df548c
-
SSDEEP
6144:tvWj6cKrpS3b0M7wVY80a+PnHzjiWNANF0PtpRSem3N/DkSf3Yx1VJSxt+ooYuuH:t66cKrQdna+vHzjikAeTRoAK3Yx3JSx7
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-