General

  • Target

    information[2023.10.11_08-07].vbs

  • Size

    1012KB

  • Sample

    231011-3rqb2scb7z

  • MD5

    a9c3b9a30859661eb07c236f5ba977c9

  • SHA1

    cd1d848abee242a083ff8a1633f7cf7ff7ebdafd

  • SHA256

    30d828fe22893c588e356bc2c8f9e800715923f2ee023141a41c5055f846c1e8

  • SHA512

    26bf1ce432541642910280c1f8998370de7206b342ac31f9ee9be1bb614ad0084535eb2dc8adcb9fd0116516e4c7bba5cdfaccffaf8008c8fb39df7f39c8ef04

  • SSDEEP

    6144:iqzIHqFw2r6TjzHFgjiHFgrkqOFtKuByGi7a3TbwLMN7EF8Zz5Z/NjRzWGCpobxU:utS4FMT1u3TbYhKxXzSVif/Dn7GptQDq

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      information[2023.10.11_08-07].vbs

    • IcedID, BokBot

      IcedID, also tracked as BokBot, is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely as a geofence so the payload only runs on machines in targeted regions.

    • Loads dropped DLL
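
The three behavioural signatures above are each a correlation over the sandbox's process, registry, file and network events. The script below is an added example, not the sandbox's own detection code and not the sample's VBS: it replays a constructed key=value trace (invented here for the example, not Sysmon output and not taken from this report) and reproduces the three verdicts. The blocklist of script hosts and LOLBins, the process IDs, file names and addresses are all assumptions chosen for the illustration.

```python
"""Correlate a process/registry/file/network trace into the three behavioural
signatures the report lists.  Added example: the trace format is a simplified
key=value layout invented here, not Sysmon or the sandbox's real output."""
import re
from collections import defaultdict

# Registry value Windows keeps for the configured country/region.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Assumed blocklist of script hosts / LOLBins for this example; not the sandbox's list.
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "mshta.exe",
                      "rundll32.exe", "regsvr32.exe", "powershell.exe"}

# Constructed trace (not from the report).  PIDs, paths and IPs are made up.
SAMPLE_TRACE = r'''
op=process_create pid=4120 ppid=3000 image="C:\Windows\System32\wscript.exe" cmdline="wscript.exe C:\Users\user\Downloads\information[2023.10.11_08-07].vbs"
op=reg_query pid=4120 key="HKCU\Control Panel\International\Geo\Nation"
op=file_create pid=4120 path="C:\Users\user\AppData\Local\Temp\d7a1.dll"
op=process_create pid=5210 ppid=4120 image="C:\Windows\System32\rundll32.exe" cmdline="rundll32.exe C:\Users\user\AppData\Local\Temp\d7a1.dll,#1"
op=image_load pid=5210 path="C:\Windows\System32\kernel32.dll"
op=image_load pid=5210 path="C:\Users\user\AppData\Local\Temp\d7a1.dll"
op=net_connect pid=5210 dst="203.0.113.10:443"
op=process_create pid=6000 ppid=1 image="C:\Program Files\Mozilla Firefox\firefox.exe" cmdline="firefox.exe"
op=net_connect pid=6000 dst="203.0.113.20:443"
'''

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value trace line (quoted or bare values) into a dict."""
    ev = {}
    for m in FIELD_RE.finditer(line):
        ev[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return ev


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lineage(pid, parent):
    """Yield pid followed by its ancestors, as far as the trace recorded them."""
    seen = set()
    while pid is not None and pid not in seen:
        seen.add(pid)
        yield pid
        pid = parent.get(pid)


def analyse(trace):
    """Return {signature name: [evidence strings]} for the trace."""
    parent, image = {}, {}
    dropped = {}                      # lower-cased path -> pid that wrote it
    hits = defaultdict(list)
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        op, pid = ev.get("op"), ev.get("pid")
        if op == "process_create":
            parent[pid] = ev.get("ppid")
            image[pid] = ev.get("image", "")
        elif op == "reg_query" and GEO_KEY_RE.search(ev.get("key", "")):
            hits["Checks computer location settings"].append(
                f"pid {pid} ({basename(image.get(pid, ''))}) read {ev['key']}")
        elif op == "file_create":
            dropped[ev["path"].lower()] = pid
        elif op == "image_load":
            writer = dropped.get(ev.get("path", "").lower())
            # Only a file written earlier by this process or one of its
            # ancestors counts as "dropped"; system DLLs never match.
            if writer is not None and writer in set(lineage(pid, parent)):
                hits["Loads dropped DLL"].append(
                    f"pid {pid} loaded {ev['path']} dropped by pid {writer}")
        elif op == "net_connect" and basename(image.get(pid, "")) in BLOCKLISTED_IMAGES:
            hits["Blocklisted process makes network request"].append(
                f"pid {pid} ({basename(image[pid])}) -> {ev.get('dst')}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in analyse(SAMPLE_TRACE).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

The browser process in the trace connects out as well but is not flagged, and the kernel32.dll load is ignored, which is the point of the lineage and blocklist checks: the signatures fire on the script host's tree, not on any network or DLL activity on the box.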

MITRE ATT&CK Enterprise v15

Tasks