General

  • Target

    Inquiry[2023.10.11_08-07].vbs

  • Size

    1013KB

  • Sample

    231012-h8ddlafh35

  • MD5

    9505db4094a6259c6ce7ca9bf8a0ba4b

  • SHA1

    669279efc9e0360be714d3d40c822365a7cfe01b

  • SHA256

    18d5bf8f2243bd399d764379be5605519e54c54a4c2879fc8eb13dce395cc40d

  • SHA512

    7d0642ade03a8c6d717d50404789272b1e70feca10bfbe806747628d1280189eaf22968f3733029381ae3c93af6328314433be49af75c3a5e6a9458b9bc47923

  • SSDEEP

    6144:M+g92IHKoCcGnLrvsoQO6EXAccz4VnWE7NqxZoTMZ3QONBVG4kl/6BY5G1c/fP6w:zzXh6HekeTMZg40DzOxicJb9Uyt6

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      Inquiry[2023.10.11_08-07].vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks