General
-
Target
Scan_34262_INV.pdf
-
Size
109KB
-
Sample
230117-zz63zscd5z
-
MD5
5f8a9cb690464151bb443ed4740a3c27
-
SHA1
e467d01dd6810da100fb2b96fc30f2d33a205602
-
SHA256
c2e3097e2de547d70f1d4543b51fdb0c016a066646e7d51b74ca4f29c69f5a85
-
SHA512
8447b024b77361a103b5f2040f70dcb3b2c15ae7e20a3e7d0fc8086197b8132f77fddf30b10855bf88e030b0c1abdf6ff12b7b90ead594b5de67bb26cff347d7
-
SSDEEP
3072:By5E76B0ue48jHIwoo06PtkUcE549hce+:B/+auqgotkFEarv+
Behavioral task
behavioral1
Sample
Scan_34262_INV.pdf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Scan_34262_INV.pdf
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
3074491541
dgormiugatox.com
Targets
-
-
Target
Scan_34262_INV.pdf
-
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-