Overview
overview
10Static
static
Scan_01-09.lnk
windows7-x64
10Scan_01-09.lnk
windows10-1703-x64
10Scan_01-09.lnk
windows10-2004-x64
10firvetourg...dc.cmd
windows7-x64
1firvetourg...dc.cmd
windows10-1703-x64
1firvetourg...dc.cmd
windows10-2004-x64
1firvetourg...ng.dll
windows7-x64
3firvetourg...ng.dll
windows10-1703-x64
3firvetourg...ng.dll
windows10-2004-x64
3General
-
Target
Malware.zip
-
Size
333KB
-
Sample
230109-zveg6sfg59
-
MD5
8ab95e8aba03133ec0d363be217a4076
-
SHA1
a3829e41cb071d784c8bb905d18d7052660f78e2
-
SHA256
acd9fa27b779469770a4c53602c8bbd33607e1624bf6b5dfd605e2211aa9bae4
-
SHA512
d7c9b89dfc00946997cf891b20e8923ac3ad644f049895fdea10c14bff9ca2d907540cfd18903399cbbae71f98b1d1d810d1f5201fbce4318a652ac16238fa7f
-
SSDEEP
6144:3qANf8ojQ+kY7boOAEMyIJ/ec9NSsANtzsq97b2QcwGfHsyS8M9aTkAxbkA:6ANkojCY78OV6JxQTQI7KfHxlLTleA
Static task
static1
Behavioral task
behavioral1
Sample
Scan_01-09.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Scan_01-09.lnk
Resource
win10-20220812-en
Behavioral task
behavioral3
Sample
Scan_01-09.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral4
Sample
firvetourg/denmedmudc.cmd
Resource
win7-20220812-en
Behavioral task
behavioral5
Sample
firvetourg/denmedmudc.cmd
Resource
win10-20220812-en
Behavioral task
behavioral6
Sample
firvetourg/denmedmudc.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
firvetourg/reencountering.dll
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
firvetourg/reencountering.dll
Resource
win10-20220901-en
Behavioral task
behavioral9
Sample
firvetourg/reencountering.dll
Resource
win10v2004-20221111-en
Malware Config
Extracted
icedid
3131022508
wagringamuk.com
Targets
-
-
Target
Scan_01-09.lnk
-
Size
1KB
-
MD5
fc799beeda4a8430292247375bdf4b59
-
SHA1
3f1a817f3bd5a344fc3aae111f09349756f00d40
-
SHA256
a482fc4719106e36bca78b610acde1136bce64120fe1a5a843d65aa82aaa190e
-
SHA512
b1d1286cce4499e2c849ddfa6c6e8cfd08ec8cfe7d6d9fb1c11319623a3866f767c8d08d767f2594fb991592b66528c797a3b49bbb45add44284c7b296de7467
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
firvetourg/denmedmudc.cmd
-
Size
1KB
-
MD5
c28f4835e4522c127c5d0306e4882bc3
-
SHA1
26c24e97e961d50cd6ac2c88d307a000f85e89fc
-
SHA256
01ef8a55d948b5b1c60741b689fa31a755bca5f1d0b13b34282ad0031b754797
-
SHA512
5511c255f2129282ce1da65711f76d039f2f4b4231db2f0395b3eee76cad61c5098d4f151f4701705fedad4bd23a8818377eee6fa592af3fedef58df25676bf8
Score1/10 -
-
-
Target
firvetourg/reencountering.dat
-
Size
788KB
-
MD5
15dd0873cb6bef0c8e89a0319a202c3a
-
SHA1
6b49af73134d502d35d81cb978075761dc3b71fa
-
SHA256
180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
-
SHA512
3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200
-
SSDEEP
12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB
Score3/10 -