General

  • Target

    a87cf1ec49b5791bd9d22875563eb6589d0d96a148317e0b7fb5256609fa3ebf_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xqksaahf6y

  • MD5

    21c91fb18ed6855a0afcf49a20001eca

  • SHA1

    e8c74cc27324d6960cd3b7dab332454646f04217

  • SHA256

    a87cf1ec49b5791bd9d22875563eb6589d0d96a148317e0b7fb5256609fa3ebf

  • SHA512

    c95808cd732218cb2708422ce53c95aa509e3bf724c6dfbc1e00dffb68c24b31bb5ac06c862a7fa120541553f153de1b4c0a613a60b69455a47fb8c027c4b389

  • SSDEEP

    6144:tagJgAaNoObrWVOULW3A1Z28e6t/7L62oug5qThN3atdt+zqJoVAcMeNbUqxvzDU:jkMEA/cv35qTH4YooAmiJXfVF

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      a87cf1ec49b5791bd9d22875563eb6589d0d96a148317e0b7fb5256609fa3ebf_JC.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks