General
Target: NDAPersonalData.rar
Size: 642KB
Sample: 230126-c2187adg41
MD5: 4d9af09bdea0269ec847b742625841a6
SHA1: 8e3f3b4f55d7cae65bfc3d848dcaffea2cb56af1
SHA256: b6c97f09913469524214a9c6c5b46b6faacf21953bb9478311a851bfcfb14843
SHA512: 56a034ff0b18406a078d0ec872f18d67507b29c73662381e4a57070fe1f6ade1a4e423c056c116b670fffc679ce0aa5cfa00fe488255b221ebc3c238bda08db7
SSDEEP: 12288:YSdiqC4HyOq5T9YlK7Ti8G3MrNCm7o7XBg7GQonZ:DiQHyVYlK7T/jrMIo+SZ
Static task: static1
Behavioral task: behavioral1
Sample: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.lnk
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.lnk
Resource: win10v2004-20221111-en
Malware Config
Extracted
icedid
2546188793
anisiderblomm.com
Targets
Target: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.vir
Size: 2KB
MD5: f1acdf0794d290dbd6ef4bdc77292a24
SHA1: 248a8e6c8a2af76e49e7b8b1b5b759cecb0be4ee
SHA256: e0d6aa1f52db325526b489597e449a853a37585e57be01569059619199cb43de
SHA512: 6fdf61b54b207f3b4a06b7e7dd45f60982b8db3c0d3e214d6828fa0ed1ad961d4fb5e820fe7a361e8026c9ba6507b8597c9b77f2bd7911c08328bfa2760ae4c5
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.