General
-
Target
Setup_Win_14-12-2022_18-36-29.msi
-
Size
1.9MB
-
Sample
221219-p2hs3afa44
-
MD5
483a92951b440f2212fbfba38174d8a4
-
SHA1
914b9a827b1937935681a033b1c32a2df97a4874
-
SHA256
63a7d98369925d6e98994cdb5937bd896506665be9f80dc55de7eb6df00f7607
-
SHA512
336d65a516d8503ec939cb52d186b42d1dc41abc253ac85262bd251f4c63f81fa78d8f48122e608c91ec7f6cf43db1daf87c9c26f6636fa6410d10541018a93b
-
SSDEEP
49152:Jr0QHD5a4/7yGe8EsuRMEl73hXNGzchfzYZppUQ:Jr08MuLshh
Static task
static1
Behavioral task
behavioral1
Sample
Setup_Win_14-12-2022_18-36-29.msi
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Setup_Win_14-12-2022_18-36-29.msi
Resource
win10v2004-20221111-en
Malware Config
Extracted
icedid
1002085315
klepdrafooip.com
Targets
-
Target
Setup_Win_14-12-2022_18-36-29.msi
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-