General

  • Target

    3336bfde9b6b8ef05f1d704d247a1a8fd0641afaecc6a71f5cfa861234c4317b.zip

  • Size

    357KB

  • Sample

    231012-ja5wmadh9y

  • MD5

    24701208c439b00a43908ae39bbf7de8

  • SHA1

    25ef7044cdf9b7c17253625a2bd5d2d6fee44227

  • SHA256

    3336bfde9b6b8ef05f1d704d247a1a8fd0641afaecc6a71f5cfa861234c4317b

  • SHA512

    9a19607d4f9fe163b0a6b99e8f45023c42a91b8c99ad5cb57c5960fb2e4a83391b102b0feb9ceefe472631e4dd25fc278e6212c83b551bf614c5db871a400c88

  • SSDEEP

    6144:DN2hZYThSeVuMaZi3B8z3x2ndfCFxILY1m5NRQN/mlIX1KBrIcRA0A1Bm6+ZrW+h:DAhEhSe4MaZbzxOCnILz5UlK+cRALuhH

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      Document[2023.10.11_08-07].vbs

    • Size

      1012KB

    • MD5

      4ff5625e6bd063811ec393b315d2c714

    • SHA1

      42b188e2e015a72accc50fcbde2d2c81f5258d0b

    • SHA256

      5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf

    • SHA512

      f74317199b5c4a45750e1b1e2a4216b51fb8f68dc9634638fa14ebd2c5d32f70d5f0f0172d587c5ab669d0a75e198063e3613a8070d3a8f3d7391d4f406d6053

    • SSDEEP

      6144:ahBT1O3Ok0FID+bbGALk9kJmtZYvz20FAyEJdHLyhS3Vdhka8rccTXCOQS7YPWGc:RALgObHuyozlr5VZl5h1NY

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks