General

  • Target

    information[2023.10.11_08-07]_2.vbs

  • Size

    1012KB

  • Sample

    231011-3rp2aacb7y

  • MD5

    a6421c93cef8bc3e31ba3bc3229459cd

  • SHA1

    9a9984fa0b5581957d37f69689797aec8e7e14fd

  • SHA256

    ec8156bc9973efd14c2d960d1c18f688dfbaaef522b454ae0b17550539036209

  • SHA512

    de49db1b6ce18107f57356705a804fe8e3113fb181aa9ce85761f4c6ab1efeda7bd145a40c800fed11b7746067a74c674493c7f5f59bc61b579e449600c3c53d

  • SSDEEP

    6144:dAOJlc7h+Z7A6oKjJZtm6WvdJVA4t8NMosr/4UILfRsL6INN0Id86rJTxABr04nj:hLFLWxBb4UNtR7MkiX

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      information[2023.10.11_08-07]_2.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL
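
The three behaviour signatures above are what a defender would want to confirm from host telemetry. The following Python is an added example, not part of the sandbox report and not code from the sample: it runs a small triage routine over constructed Sysmon-style events (field names follow Sysmon's ProcessCreate, NetworkConnect, ImageLoad and FileCreate events) and maps them onto the two signatures that endpoint telemetry can see. The paths, the DLL name stage.dll and the destination IP are constructed for the example and are not indicators from this sample.

```python
# Added example: constructed Sysmon-style telemetry mapped onto the report's
# behaviour signatures. Event field names follow Sysmon's (EventID 1
# ProcessCreate, 3 NetworkConnect, 7 ImageLoad, 11 FileCreate); the file
# paths, DLL name "stage.dll" and destination IP are constructed for this
# example and are not indicators from the sample.

# Script hosts that should rarely talk to the network directly on a
# workstation. A .vbs lure runs under wscript.exe (or cscript.exe).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Directories a script host can write without elevation; a DLL created here
# and then loaded is the "Loads dropped DLL" pattern.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Behaviours the sandbox reports that this telemetry cannot confirm: Sysmon
# logs registry create/delete/set (events 12-14) but not reads, so the
# country-code lookup behind "Checks computer location settings" is only
# visible to API-level monitoring such as the sandbox's own.
NOT_OBSERVABLE_VIA_SYSMON = {
    "Checks computer location settings": "registry reads are not logged by Sysmon",
}


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return the sorted behaviour names triggered by an ordered event list.

    Order matters: a DLL counts as dropped only if its FileCreate (11) is seen
    before the ImageLoad (7), which is how the pattern appears on a real host.
    """
    hits = set()
    dropped = set()  # lower-cased paths of DLLs written by a script host
    for ev in events:
        eid, image = ev["EventID"], _basename(ev["Image"])
        if eid == 11 and image in SCRIPT_HOSTS:
            target = ev["TargetFilename"].lower()
            if target.endswith(".dll") and target.startswith(USER_WRITABLE):
                dropped.add(target)
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            # Any process (typically rundll32.exe) loading the dropped DLL counts.
            hits.add("Loads dropped DLL")
        elif eid == 3 and image in SCRIPT_HOSTS:
            hits.add("Blocklisted process makes network request")
    return sorted(hits)


# Constructed event sequence: the lure runs, beacons, drops a DLL, and
# rundll32 loads it. Not taken from the sandbox report.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\u\Downloads\information[2023.10.11_08-07]_2.vbs"'},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\stage.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\u\AppData\Local\Temp\stage.dll,init"},
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\stage.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name in triage(SAMPLE_EVENTS):
        print("HIT:", name)
    for name, why in NOT_OBSERVABLE_VIA_SYSMON.items():
        print("NOT OBSERVABLE:", name, "-", why)
```

The geofence check is deliberately left out of the telemetry logic: Sysmon has no registry-read event, so "Checks computer location settings" is something the sandbox can report from its own behaviour monitoring but that a SIEM fed by Sysmon cannot confirm; if that behaviour matters for your detection, it has to come from API-level or EDR instrumentation rather than from this kind of event stream.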

MITRE ATT&CK Enterprise v15

Tasks