General

  • Target

    New_working_conditions[2023.10.11_08-07]_2.vbs

  • Size

    1012KB

  • Sample

    231011-3qk1yaeb47

  • MD5

    28c1cb7ed4e54c8328c0f389efe1a2fa

  • SHA1

    ad7a3e3d243af45ff405b96365e1a2da262b5205

  • SHA256

    d008dab2e37bdba363f8552c433cdc07775edb7027d83895cf09c89f906a742c

  • SHA512

    420d689543c7e9c5d634fcedd89150f6b0d78153fd2e54f51df1e250c2ecc6e967eb56d3712ac0c5628abeb6c8887e863ea9fc5e53e7c7cff2dcfaf15a137718

  • SSDEEP

    6144:Uoiyz+yapuHcP561cfjcH1Ro85uiboM8xkk27mPwEtNBnAsRhKlZ718Irk2/Eg1v:e7K1bW2KY6XQIyiBF7K1dlr

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      New_working_conditions[2023.10.11_08-07]_2.vbs

    • Size

      1012KB

    • MD5

      28c1cb7ed4e54c8328c0f389efe1a2fa

    • SHA1

      ad7a3e3d243af45ff405b96365e1a2da262b5205

    • SHA256

      d008dab2e37bdba363f8552c433cdc07775edb7027d83895cf09c89f906a742c

    • SHA512

      420d689543c7e9c5d634fcedd89150f6b0d78153fd2e54f51df1e250c2ecc6e967eb56d3712ac0c5628abeb6c8887e863ea9fc5e53e7c7cff2dcfaf15a137718

    • SSDEEP

      6144:Uoiyz+yapuHcP561cfjcH1Ro85uiboM8xkk27mPwEtNBnAsRhKlZ718Irk2/Eg1v:e7K1bW2KY6XQIyiBF7K1dlr

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks