General

  • Target: NQYZ0148_7381068.zip
  • Size: 357KB
  • Sample: 231012-h8za3adg41
  • MD5: a2abd84a3bdbe3aa6e1428aa601b1ca1
  • SHA1: 45ad34b4277bbd51b43bdf2129a8f51e607cec5c
  • SHA256: c0475248fc93771346e0e489a6d5f70956ed6fd2b03186e3a2e9ef1ae1ed2c4d
  • SHA512: f45659ca958b8f9401e41b2e4a8357f2295e3de1a82d51bf9aa03b1151c80652cbd97489cd99bd218c591cdf145f343829e9e4a1fef18f6d222d3d5a872aa3bf
  • SSDEEP: 6144:TVLFrChc2qPrbdo9eQIcDcNwJo2vTuvAzd0j1HToGDu5voZvlAuU8:TVFmc5fu9vIUpvTuozd050kI+vv

Malware Config (extracted)

  • Family: icedid
  • Campaign: 361893872

Targets

    • Target: Inquiry[2023.10.11_08-07].vbs
    • Size: 1013KB
    • MD5: 9505db4094a6259c6ce7ca9bf8a0ba4b
    • SHA1: 669279efc9e0360be714d3d40c822365a7cfe01b
    • SHA256: 18d5bf8f2243bd399d764379be5605519e54c54a4c2879fc8eb13dce395cc40d
    • SHA512: 7d0642ade03a8c6d717d50404789272b1e70feca10bfbe806747628d1280189eaf22968f3733029381ae3c93af6328314433be49af75c3a5e6a9458b9bc47923
    • SSDEEP: 6144:M+g92IHKoCcGnLrvsoQO6EXAccz4VnWE7NqxZoTMZ3QONBVG4kl/6BY5G1c/fP6w:zzXh6HekeTMZg40DzOxicJb9Uyt6

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials; the extracted config ties this sample to campaign ID 361893872.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Loads dropped DLL
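As an added example (not part of the sandbox report above), the following Python script reproduces the hashing side of a triage: it hashes a ZIP archive and every member inside it without extracting anything to disk, then matches the digests against the MD5/SHA1/SHA256 values this report lists for the outer archive and the inner VBS. SSDEEP is left out because hashlib has no fuzzy hashing; the archive the script builds when run without arguments is a constructed stand-in (one member containing the bytes "abc"), not the real NQYZ0148_7381068.zip.

```python
import hashlib
import io
import zipfile

# Hash values copied from the report: the outer archive and the VBS inside it.
# SSDEEP is omitted because hashlib cannot compute it.
REPORT_IOCS = {
    "NQYZ0148_7381068.zip": {
        "md5": "a2abd84a3bdbe3aa6e1428aa601b1ca1",
        "sha1": "45ad34b4277bbd51b43bdf2129a8f51e607cec5c",
        "sha256": "c0475248fc93771346e0e489a6d5f70956ed6fd2b03186e3a2e9ef1ae1ed2c4d",
    },
    "Inquiry[2023.10.11_08-07].vbs": {
        "md5": "9505db4094a6259c6ce7ca9bf8a0ba4b",
        "sha1": "669279efc9e0360be714d3d40c822365a7cfe01b",
        "sha256": "18d5bf8f2243bd399d764379be5605519e54c54a4c2879fc8eb13dce395cc40d",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Skip members whose declared size exceeds this. The declared size comes from the
# (attacker-controlled) central directory, so this is only a first guard, not a
# complete zip-bomb defence.
MAX_MEMBER_SIZE = 64 * 1024 * 1024


def digest_all(data: bytes) -> dict:
    """Hex digests of one blob with every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_archive(blob: bytes) -> dict:
    """Hash the archive itself and every regular file inside it.

    Returns {"<archive>": digests, "<member name>": digests, ...}. Members are
    read in memory only, so the script host never sees the VBS.
    """
    results = {"<archive>": digest_all(blob)}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                continue
            results[info.filename] = digest_all(zf.read(info))
    return results


def match_iocs(results: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return (member, ioc_name, algorithm) for every digest that matches an IOC."""
    matches = []
    for member, digests in results.items():
        for ioc_name, known in iocs.items():
            for algo, value in known.items():
                if digests.get(algo) == value.lower():
                    matches.append((member, ioc_name, algo))
    return matches


def build_sample_archive() -> bytes:
    """Constructed stand-in for the real archive: one harmless member, content b"abc"."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.vbs", b"abc")
    return buf.getvalue()


if __name__ == "__main__":
    import sys

    # Usage: python hash_triage.py <archive.zip>; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_archive()
    results = hash_archive(blob)
    for member, digests in results.items():
        print(member)
        for algo in ALGORITHMS:
            print(f"  {algo}: {digests[algo]}")
    hits = match_iocs(results)
    print("IOC matches:", hits if hits else "none")
```

Run it against the real archive and expect two hits per algorithm (the archive itself and the inner VBS); any other result means the file you hold is not the sample this report describes. On FIPS-hardened Python builds md5 may be disabled; hashlib.new accepts usedforsecurity=False (Python 3.9+) to allow it for matching purposes only.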

MITRE ATT&CK Enterprise v15
