Extracted

• • Target

    Webex-x64.msix

  • Size

    30.7MB

  • MD5

    77eab64c4951102dcde481f5e0ee6ec8

  • SHA1

    06cb82fdd585cbaca00378bc62ae72d3bf573dec

  • SHA256

    50dd5611a6a93c3772eabc23038f4cb36900e3bbeae900efe4cf5a849a0b6b75

  • SHA512

    5ed2d38b70fb870c861ffbfeedab9017146c77e3653ae1d37e2b48ca1f10de56f289b947dff4dc48b926dde7a1dcac958cfb5f85e92633b3bc5bef9d3748b231

  • SSDEEP

    786432:B91qv6X24krZclsEcTznscqDv0v7OAi3HON8MCqT:B91qS9krFPjwDcDj3NrCqT

  Score

  10^/10

  icedid43832328bankerloaderpersistencetrojanupx

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2