General

  • Target

    Document[2023.10.11_08-07].vbs

  • Size

    1012KB

  • Sample

    231011-3scgksec33

  • MD5

    1f748b8c698897498ad07a6362e780f1

  • SHA1

    d931d2c1b103b41561db7760cf882c523624d28a

  • SHA256

    8a271be660b40e3b923bc8ba9479aa54d38cb232dd27e1217ad26e547e3a73bc

  • SHA512

    992c70b8c9c308b0de74bb0e31fab54a5144cf5de73d427e42f07181d61c109b6f5663fb794f2a349e527b6e6a0a535d34895e1b5b3041db87d9fd125934eeb7

  • SSDEEP

    6144:06OqlFA5GwtqDUJxtl6O2m07woeVIbNMFiczYClIFLCUygb8RII8auz1DJu1RGvg:7AF4hYimSCkAHuGGGPwfCeWz

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks