General
-
Target
INV_Scan_32.zip
-
Size
518KB
-
Sample
230426-vn35qsag33
-
MD5
3e9c64bb43373f42d7578678b76fb2f9
-
SHA1
c1f259f72a84c79fbd04a86f119925a176602a2c
-
SHA256
5f69e700adcba2984bc3708a55cd75f19b0d79d251e4f0e2c0d1164444160a11
-
SHA512
2e6ace92eb4d16dbe9e02b9c5ae338f8e8fc061acb55d212297f832b12c31e45214e256ad91db80354e7a5582f6228798cb1f4734d3ec83b801aa9a887e70d53
-
SSDEEP
12288:vyKu+sNDbIeAbJ3WslEOWMnlhx6acczLN3GGQhlHRK:qKspjAYCzWuh0aJ3glHRK
Static task
static1
Behavioral task
behavioral1
Sample
OBSESSOR/SUNLANDS.cmd
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
OBSESSOR/SUNLANDS.cmd
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
OBSESSOR/WOOZIEST.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
OBSESSOR/WOOZIEST.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
VANDALIC.lnk
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
VANDALIC.lnk
Resource
win10v2004-20230221-en
Malware Config
Extracted
icedid
1691396905
plitspiritnox.com
Targets
-
-
Target
OBSESSOR/SUNLANDS.CMD
-
Size
514B
-
MD5
5faed7456689a1f3be114145965bf41a
-
SHA1
0fbd2087c7dfa29bfec1bee79fffee707f1b73ae
-
SHA256
7796913738f58c2956952616818ce6ac259848f4e0523961ad0010b1cbca4049
-
SHA512
92a908394eed977be8d95f7aa229e77040cda9b5d085bb6f27544b89a52a00dfbfc216c65edb4b28b0f56324b79caae67cc685e9cbcd4bc156bce6ed6c15be27
Score 1/10
-
-
Target
OBSESSOR/WOOZIEST.DAT
-
Size
1.0MB
-
MD5
a146dac7b641fff2c5c3c0cf320731aa
-
SHA1
0b21a4b04e79565e26e4236772d4605fc39862e7
-
SHA256
95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab
-
SHA512
9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19
-
SSDEEP
24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ
Score 3/10
-
-
Target
VANDALIC.LNK
-
Size
1KB
-
MD5
96166f754d78f1144fa55af22b5795ac
-
SHA1
4c1927dbf486fdbd1888ca85ff2cca8680173f7d
-
SHA256
99e23ccaeccbce27f28b52625aad17b46cf41dc1c67d427800f17c0c48f00f08
-
SHA512
2636bfc0147ed8d473aa77aa65068d13473cdae0ca4a7c4040f4598f1eb16e30c9e09c1a8f97a7ffb8e45ec5c6bfa48f8333b51e89646cb61b96e1882baec89d
Score 10/10
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-