General
Target: ZoomInfoDBExtract16.zip
Size: 697KB
Sample: 230125-x5h71aab83
MD5: 8ef6db743a14fdb8f1d3a775ec1d4bea
SHA1: 94d569e6f949fe101e0cefed924e9d3f5b1b3263
SHA256: 6e0a64ae1c914961faa708b0ff5f43c30d3c04997e05bd2add145ffe07debf2a
SHA512: 79439924cd237250e03f02663e30c2615c2df9021c3539ed69451b93a124c9b03b214dd588ada60e0df76d1caf9725375bbab501874b4a75dbca7bd8575c2626
SSDEEP: 12288:hB5EeqxfGU8iNXSG1RmVvm9LzUuQcjynm/2ZpOuRn5BMEcLvhqXkWQbebPB2OZES:hlqxff8ivmVvm9LAuQcjAm/E5RGQXkW3
Static task: static1
Behavioral task: behavioral1
- Sample: NDAPersonalData/NDAZoomInfo11.lnk
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: NDAPersonalData/NDAZoomInfo11.lnk
- Resource: win10v2004-20221111-en
Behavioral task: behavioral3
- Sample: NDAPersonalData/desktop.dll
- Resource: win7-20221111-en
Behavioral task: behavioral4
- Sample: NDAPersonalData/desktop.dll
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: icedid
- Campaign: 2546188793
- C2: anisiderblomm.com
Targets
Target: NDAPersonalData/NDAZoomInfo11.Lnk
Size: 2KB
MD5: f1acdf0794d290dbd6ef4bdc77292a24
SHA1: 248a8e6c8a2af76e49e7b8b1b5b759cecb0be4ee
SHA256: e0d6aa1f52db325526b489597e449a853a37585e57be01569059619199cb43de
SHA512: 6fdf61b54b207f3b4a06b7e7dd45f60982b8db3c0d3e214d6828fa0ed1ad961d4fb5e820fe7a361e8026c9ba6507b8597c9b77f2bd7911c08328bfa2760ae4c5
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
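The two behaviours reported for the LNK above (a geofence check via the registry and a network request from a blocklisted process) are the kind of thing an analyst wants to confirm from a sandbox or EDR trace rather than from the score alone. The following is an added example, not code from the report or from the sandbox vendor: it scans a constructed, pipe-delimited event trace (invented for this example; the process names and PIDs are not from the report) and flags, per PID, reads of the user's country-code registry value and DNS/TCP contact with the C2 domain extracted from the IcedID config. The registry path `Control Panel\International\Geo\Nation` is an assumption about which value the "Checks computer location settings" signature refers to; adjust `GEO_KEY_RE` if your telemetry shows a different location lookup.

```python
"""Flag geofence registry lookups and C2 contact in a sandbox-style event trace."""
import re
from collections import defaultdict

# Indicator taken from the extracted IcedID config on this page.
C2_DOMAIN = "anisiderblomm.com"

# Registry value holding the user's configured country code (GeoID).
# Assumption: this is the lookup behind "Checks computer location settings".
GEO_KEY_RE = re.compile(r"control panel\\international\\geo\\nation", re.IGNORECASE)

# Constructed sample trace (not from the report). Format: pid|process|event|detail
SAMPLE_TRACE = """\
1234|explorer.exe|RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden
2211|rundll32.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
2211|rundll32.exe|RegQueryValue|HKCU\\Control Panel\\International\\LocaleName
2211|rundll32.exe|DnsQuery|anisiderblomm.com
2211|rundll32.exe|TcpConnect|anisiderblomm.com:443
1234|explorer.exe|DnsQuery|www.microsoft.com
"""


def parse_trace(text):
    """Parse pipe-delimited trace lines into event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, proc, event, detail = line.split("|", 3)
        events.append({"pid": int(pid), "process": proc, "event": event, "detail": detail})
    return events


def find_geofence_checks(events):
    """Registry events that read the configured country code."""
    return [e for e in events if e["event"].startswith("Reg") and GEO_KEY_RE.search(e["detail"])]


def find_c2_contact(events, c2=C2_DOMAIN):
    """DNS or TCP events whose host is the C2 domain or a subdomain of it."""
    hits = []
    for e in events:
        if e["event"] in ("DnsQuery", "TcpConnect"):
            host = e["detail"].split(":")[0].lower()
            if host == c2 or host.endswith("." + c2):
                hits.append(e)
    return hits


def score(events):
    """Per-PID flags mirroring the report's two signatures: 'geofence' and/or 'c2'."""
    flags = defaultdict(set)
    for e in find_geofence_checks(events):
        flags[e["pid"]].add("geofence")
    for e in find_c2_contact(events):
        flags[e["pid"]].add("c2")
    return {pid: sorted(f) for pid, f in flags.items()}


if __name__ == "__main__":
    for pid, f in score(parse_trace(SAMPLE_TRACE)).items():
        print(pid, f)
```

A PID that carries both flags is the pattern to chase: the location lookup on its own is benign in plenty of software, but a process that reads the country code and then resolves the extracted C2 domain is behaving exactly as the report describes.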
Target: NDAPersonalData/desktop.ini
Size: 1.4MB
MD5: 0f9d853f54ed0d1a800051ec718f16db
SHA1: a12bd8f8edff0743e92119527673c91d2d0888e0
SHA256: 18ff52ee24dbdf6593324b52250115b6c5314e159b681a3a437e3b163d3bf6ab
SHA512: 04cdae504c213aa6fa645bd3d2a948dbfa5d616b3516f5787d79f5054ee25c3938e07259e4a3d59c8a7265a4f686897859aeadc419b92adb17b5d3595eb45da2
SSDEEP: 24576:mTfaPo9UzJSUrZMrZjY57tj2OM8SC/XPt8JGfZb3GW2:8fKo9uJSUrZgwtc8SC/uJGu
Score: 3/10