General
Target: Scan_46_INV_December_20-29.pdf
Size: 129KB
Sample: 230111-ykfrtaaa6w
MD5: 80a27a9ca3fd024b3c3df8cfe83da184
SHA1: dfbe736c62d9fd9f52609168162ab2630991eaeb
SHA256: 01ab479e899bc61c9b2fbc309a0b7e84762c0f47f679e96b5c67d56124f6ab6a
SHA512: e082d6db3308a79958b9e666f834d47ec745153129036dc8581f81caa74254081fb97b44399a7fba7d871ba78a5c770c46ac387fb60039138a1b8929b34d399f
SSDEEP: 3072:ikzpgbYFXmQw6LQ2JNggY/sCrFFVT9z3flvqAjoZDySDKrng9V:NVhL5QgY/bd9z5YZbDKrng9V
Behavioral task: behavioral1
Sample: Scan_46_INV_December_20-29.pdf
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Scan_46_INV_December_20-29.pdf
Resource: win10v2004-20221111-en
Malware Config
Extracted
icedid
3181355365
whothitheka.com
Targets
Target: Scan_46_INV_December_20-29.pdf
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Adds Run key to start application
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.