General
-
Target
Setup_Win_19-12-2022_13-01-59.msi
-
Size
1.6MB
-
Sample
221220-q5kx9shf98
-
MD5
1288db9034ce84b91c7d9a66214917ce
-
SHA1
1732dca74c60413d35bb7fe95f3485de4c84e095
-
SHA256
1e85bf506aeb16fac2ce8e8c873991abe86d5afa2ad0148d57b4f080a675ede8
-
SHA512
9ea1f54d646257ec77b98973224cca610a191456cf565897fa74fda3ff6ea602398c7133d0b641f2746e5c58f30cf31f93f7b221fb499f2aed1420e34df494de
-
SSDEEP
24576:aHL0lvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:ar0eglMbr3SWpsWjRMMKIIDB/k
Malware Config
Extracted
icedid
1228806356
klepdrafooip.com
Targets
-
-
Target
Setup_Win_19-12-2022_13-01-59.msi
-
Size
1.6MB
-
MD5
1288db9034ce84b91c7d9a66214917ce
-
SHA1
1732dca74c60413d35bb7fe95f3485de4c84e095
-
SHA256
1e85bf506aeb16fac2ce8e8c873991abe86d5afa2ad0148d57b4f080a675ede8
-
SHA512
9ea1f54d646257ec77b98973224cca610a191456cf565897fa74fda3ff6ea602398c7133d0b641f2746e5c58f30cf31f93f7b221fb499f2aed1420e34df494de
-
SSDEEP
24576:aHL0lvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:ar0eglMbr3SWpsWjRMMKIIDB/k
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-