General

Target: Inv_162_Jan-01_Copy.zip
Size: 325KB
Sample: 230110-fwthyadb74
MD5: eb60add07f21b919a8aeb94c49fc1510
SHA1: f0e7519fc71583063e5742c71a402cea27706624
SHA256: 19445d47b6904e3ce904e119ae583d286b6d2c001161b598f5c3ce2e64485792
SHA512: fe3ac5b9986bc1be85a78f25b85adcd13ae5940b433d7350cfdc076277a4115277c42a63c680d280ac0e9215af80a7d3802a890ba269eb13336e0cd2e8bd3602
SSDEEP: 6144:aYWAUM1gii+Er9WAM5i7i0Iq8dEZh3xXCFPUmrm0B7J7yHpaF:aYWA1gZ0A2Qic8C1XCtUym0zSaF
Static task: static1

Behavioral tasks

Task         Sample                                          Resource
behavioral1  Inv_162_Jan-01_Copy/REF_Scan_01-09.lnk          win7-20220901-en
behavioral2  Inv_162_Jan-01_Copy/REF_Scan_01-09.lnk          win10v2004-20221111-en
behavioral3  Inv_162_Jan-01_Copy/eveeftwedK/blessing.dll     win7-20221111-en
behavioral4  Inv_162_Jan-01_Copy/eveeftwedK/blessing.dll     win10v2004-20221111-en
behavioral5  Inv_162_Jan-01_Copy/eveeftwedK/oakhidtino.cmd   win7-20220812-en
behavioral6  Inv_162_Jan-01_Copy/eveeftwedK/oakhidtino.cmd   win10v2004-20220901-en
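
The behavioral tasks detonate the shortcut REF_Scan_01-09.lnk as the entry point of the archive. Before detonation an analyst usually wants to know what a shortcut executes; in the MS-SHLLINK format that lives in the StringData fields (relative path, arguments, icon location), and the ShowCommand header field tells whether the launched window is hidden. The following Python is an added example, not code from the sandbox or from this report: it parses those fields and applies a few dropper-shortcut heuristics. The shortcut it parses is constructed inside the block; its paths and command line are invented and are not the contents of the sample's .lnk.

```python
"""Extract what a Windows .lnk (MS-SHLLINK) file executes, for triage.

Added example for an archive whose entry point is a shortcut. Not part of the
sandbox report or of the sample: the shortcut built below is constructed here
and its paths are invented. Only the header, skipping of LinkTargetIDList and
LinkInfo, and the StringData strings are handled; that is enough to recover the
target, the arguments and the icon.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # minimised and not activated: hides the console window

# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))

LOLBINS = ("cmd.exe", "rundll32.exe", "regsvr32.exe", "powershell.exe",
           "mshta.exe", "wscript.exe", "cscript.exe")
SCRIPT_EXT = (".cmd", ".bat", ".dll", ".vbs", ".js", ".ps1", ".hta")


def parse_lnk(data: bytes) -> dict:
    """Return header fields plus every StringData string present in the link."""
    if len(data) < 76 or data[0:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags, = struct.unpack_from("<I", data, 20)
    show_cmd, = struct.unpack_from("<I", data, 60)
    off = 76
    if flags & HAS_IDLIST:            # item-ID list: 2-byte size, size excludes itself
        size, = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINKINFO:          # LinkInfo: 4-byte size, size includes itself
        size, = struct.unpack_from("<I", data, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags, "show_command": show_cmd}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count, = struct.unpack_from("<H", data, off)   # character count, not bytes
        off += 2
        raw = data[off:off + (count * 2 if unicode else count)]
        off += len(raw)
        info[key] = raw.decode("utf-16-le" if unicode else "cp1252")
    return info


def triage_lnk(info: dict) -> list:
    """Heuristics for a shortcut that acts as a launcher for a dropped payload."""
    findings = []
    target = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    for lolbin in LOLBINS:
        if lolbin in target:
            findings.append(f"launches {lolbin}")
    if any(ext in info.get("arguments", "").lower() for ext in SCRIPT_EXT):
        findings.append("arguments reference a script or DLL")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        findings.append("window hidden (SW_SHOWMINNOACTIVE)")
    if info.get("icon_location", "").lower().endswith(("shell32.dll", "imageres.dll")):
        findings.append("borrows a system icon")
    return findings


def build_lnk(relative_path: str, arguments: str, icon: str, show_cmd: int) -> bytes:
    """Construct a minimal unicode .lnk so the parser can be exercised offline."""
    flags = HAS_RELPATH | HAS_ARGS | HAS_ICON | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments, icon))
    return header + body + b"\x00\x00\x00\x00"   # TerminalBlock ends ExtraData


# Constructed sample: a shortcut that hides its window and runs a batch file
# from a sibling directory. The paths are invented for this example.
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                       r'/c start "" /min dropped_dir\stage.cmd',
                       r"%SystemRoot%\System32\shell32.dll", SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    print(parsed)
    print(triage_lnk(parsed))
```

Run it on a real shortcut with `parse_lnk(open(path, "rb").read())`; the relative path and arguments together are the command the shortcut runs, and a hidden window plus a LOLBin target plus a script or DLL in the arguments is the usual shape of a delivery shortcut like the one in this archive.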
Malware Config

Extracted
Family: icedid
Campaign ID: 3131022508
C2: wagringamuk.com
Targets

Target: Inv_162_Jan-01_Copy/REF_Scan_01-09.lnk
Size: 1KB
MD5: 9236173d81765d9eecaffa7bea277241
SHA1: 3c6435f4b46131e1eeb45ba87519a42c9b03c103
SHA256: 15670b5b4cda3123d0a2f832bf393fbf16d7fa4635558de28220d56c42032b90
SHA512: ea010056be19fc5a3265b3303894b3c9753ed185c1bb7119016e0d8a18d5e9024e68eb48d83a13baa596c0a6646ad96bbf5ae14ad1ca352e39d5a31fec663365
Score: 10/10

Signatures
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
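
The three signatures on the .lnk target are behavioral, so they only mean something as checks over what the processes actually did. The following Python is an added example and not the sandbox's own rule code: it expresses each signature as a rule over API-call records. The record layout, the API names and the process blocklist are assumed, as is the registry key the location check watches (the key that GetUserGeoID reads); the trace is constructed, and the only value taken from this page is the C2 domain from the extracted config.

```python
r"""Turn the three behavioral signatures reported for the .lnk target into
checks over sandbox API-call records.

Added example, not the sandbox's rule engine. The record layout, API names and
process blocklist are mine, as is the assumption that the location check keys
on Control Panel\International\Geo, value Nation (what GetUserGeoID reads).
The only page-sourced value is the C2 domain in the constructed trace.
"""
from collections import defaultdict

GEO_KEY = r"control panel\international\geo"   # assumed key behind the signature
REG_READ_APIS = {"RegQueryValueExW", "RegQueryValueExA", "NtQueryValueKey"}
# Assumed blocklist: LOLBins a document-delivery chain uses to reach the network.
BLOCKLISTED = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
               "cscript.exe", "cmd.exe", "powershell.exe"}
NET_APIS = {"getaddrinfo", "DnsQuery_W", "connect", "WSAConnect",
            "InternetConnectW", "HttpSendRequestW", "WinHttpSendRequest"}
WRITE_APIS = {"NtWriteFile", "WriteFile", "CopyFileW", "MoveFileW"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}


def evaluate(events):
    """Return {signature name: [ids of matching records]} for one run."""
    dropped = set()            # file paths written by any monitored process so far
    hits = defaultdict(list)
    for ev in events:
        api = ev["api"]
        proc = ev["process"].lower()
        path = ev.get("path", "").lower()
        if api in WRITE_APIS and path:
            dropped.add(path)
        # Loads dropped DLL: a module is mapped from a path this run created.
        if api in LOAD_APIS and path in dropped:
            hits["Loads dropped DLL"].append(ev["id"])
        # Checks computer location settings: country code read from the registry.
        if api in REG_READ_APIS and GEO_KEY in path and ev.get("value", "").lower() == "nation":
            hits["Checks computer location settings"].append(ev["id"])
        # Blocklisted process makes network request.
        if api in NET_APIS and proc in BLOCKLISTED:
            hits["Blocklisted process makes network request"].append(ev["id"])
    return dict(hits)


def fired_signatures(events):
    """Names of the signatures that matched at least one record, sorted."""
    return sorted(evaluate(events))


# Constructed trace shaped like the .lnk detonation: cmd.exe stages a DLL,
# rundll32.exe loads it, reads the geo key and resolves the C2. Paths, record
# ids and the unrelated explorer.exe lookup are invented.
EVENTS = [
    {"id": 1, "process": "cmd.exe", "api": "CreateProcessW",
     "path": r"C:\Windows\System32\rundll32.exe"},
    {"id": 2, "process": "cmd.exe", "api": "CopyFileW",
     "path": r"C:\Users\Admin\AppData\Local\Temp\stage\loader.dll"},
    {"id": 3, "process": "rundll32.exe", "api": "LoadLibraryW",
     "path": r"C:\Users\Admin\AppData\Local\Temp\stage\loader.dll"},
    {"id": 4, "process": "rundll32.exe", "api": "LoadLibraryW",
     "path": r"C:\Windows\System32\wininet.dll"},
    {"id": 5, "process": "rundll32.exe", "api": "RegQueryValueExW",
     "path": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"id": 6, "process": "rundll32.exe", "api": "RegQueryValueExW",
     "path": r"HKCU\Control Panel\International", "value": "sCountry"},
    {"id": 7, "process": "rundll32.exe", "api": "getaddrinfo",
     "host": "wagringamuk.com"},
    {"id": 8, "process": "explorer.exe", "api": "getaddrinfo",
     "host": "ctldl.example.invalid"},
]

if __name__ == "__main__":
    for name, ids in evaluate(EVENTS).items():
        print(f"{name}: records {ids}")
```

Record 4 (a system DLL) and record 6 (a locale value that is not the country code) are there to show what the rules deliberately ignore; record 8 shows why the network rule is tied to a process blocklist rather than to any DNS lookup.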

Target: Inv_162_Jan-01_Copy/eveeftwedK/blessing.dat
Size: 788KB
MD5: 15dd0873cb6bef0c8e89a0319a202c3a
SHA1: 6b49af73134d502d35d81cb978075761dc3b71fa
SHA256: 180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
SHA512: 3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200
SSDEEP: 12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB
Score: 3/10
Note: behavioral3 and behavioral4 above list this path as eveeftwedK/blessing.dll.

Target: Inv_162_Jan-01_Copy/eveeftwedK/oakhidtino.cmd
Size: 1KB
MD5: 9462edd137b82de190978b35d062e56c
SHA1: aeb49a7d86d9fae2f09a8f7b7d926991c5887b8b
SHA256: 28d9ce04d42d61d8b4423997fd60087bd23285b06c4b79b72a3dcb7d13de2ec6
SHA512: e9fee5f87f3d4c7246b7d23293a0c68a7ecf4ea0991e83679e68b45035a5fd6251f786fc13b796286fbae055fcd9511e06fa5a31e6ebfad8009c2dc887a6aaaa
Score: 1/10