General

  • Target

    a9060e9aef4561a0f7e04e867c884a43fa13d59f15a6d673945f8c97806381f8_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xrqd6ahg2z

  • MD5

    7fa3ce941b93faf5118a375b3dba6567

  • SHA1

    b5fccb9008803f332338eaff5306c98ba7ed390b

  • SHA256

    a9060e9aef4561a0f7e04e867c884a43fa13d59f15a6d673945f8c97806381f8

  • SHA512

    808840b01dd0d0f3f719e6c96b9a5841494822bce9fe17a562b53c35880c1c8ef4f6debaace415f05a738d714a8e44e14ec75a9d255d7f24266f9aa63e817838

  • SSDEEP

    6144:v9Eeab8x65l0/ysr2Kf+UV11W1XPUvsqfhpZbq0zxHuNrZv/GInQ0Qi9V8ERwKDS:5RGUhPJq0zk9VpJRKQzSAdk

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload only runs in targeted regions.

    • Loads dropped DLL
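The three behavioural signatures above (script host making a network request, registry lookup of the configured country, DLL loaded from a drop location) can be reproduced as detection logic over endpoint telemetry. The block below is an added example written for this page, not Triage's own signature code: it walks a handful of constructed Sysmon-style events and reports which of the report's signatures fire, and it can also recognise the sample itself from the hashes listed under General. The set of script hosts treated as blocklisted network initiators, the `Control Panel\International\Geo` registry path used for the geofence check, the user-writable drop directories and the event field names are all assumptions chosen for illustration.

```python
"""Behavioural triage for the .vbs sample described on this page.

Added example, not Triage output. Walks constructed Sysmon-like events
and reports which of the report's signatures fire. The script-host
list, the geofence registry path, the drop directories and the event
field names are assumptions, not values taken from the sandbox.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Hashes copied from the General section of the report, used to
# recognise the sample on disk regardless of its file name.
KNOWN_HASHES = {
    "md5": "7fa3ce941b93faf5118a375b3dba6567",
    "sha1": "b5fccb9008803f332338eaff5306c98ba7ed390b",
    "sha256": "a9060e9aef4561a0f7e04e867c884a43fa13d59f15a6d673945f8c97806381f8",
}

# Assumption: script hosts that should never initiate network traffic.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: locale key a geofence check would read for the country code.
GEO_KEY_FRAGMENT = "control panel\\international\\geo"
# Assumption: user-writable locations where a script would drop a DLL.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
             "\\programdata\\", "\\users\\public\\")


@dataclass
class Event:
    kind: str    # "network", "registry" or "imageload"
    image: str   # full path of the process that produced the event
    target: str  # remote endpoint, registry path or loaded module


def hashes_of(data: bytes) -> dict[str, str]:
    """Digest the bytes with every algorithm we have an IoC for."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of the bytes matches the report's hashes."""
    digests = hashes_of(data)
    return any(digests[alg] == ioc for alg, ioc in KNOWN_HASHES.items())


def triage(events: list[Event]) -> list[str]:
    """Return the sorted list of report signatures the events trigger."""
    hits: set[str] = set()
    for e in events:
        proc = e.image.rsplit("\\", 1)[-1].lower()
        target = e.target.lower()
        if e.kind == "network" and proc in SCRIPT_HOSTS:
            hits.add("Blocklisted process makes network request")
        if e.kind == "registry" and GEO_KEY_FRAGMENT in target:
            hits.add("Checks computer location settings")
        if (e.kind == "imageload" and target.endswith(".dll")
                and any(d in target for d in DROP_DIRS)):
            hits.add("Loads dropped DLL")
    return sorted(hits)


# Constructed telemetry: three events that mirror the report's signatures
# plus two benign ones that must not fire.
SAMPLE_EVENTS = [
    Event("network", "C:\\Windows\\System32\\wscript.exe", "203.0.113.10:443"),
    Event("registry", "C:\\Windows\\System32\\wscript.exe",
          "HKCU\\Control Panel\\International\\Geo\\Nation"),
    Event("imageload", "C:\\Windows\\System32\\rundll32.exe",
          "C:\\Users\\victim\\AppData\\Local\\Temp\\loader.dll"),
    Event("network", "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "198.51.100.7:443"),
    Event("imageload", "C:\\Windows\\System32\\wscript.exe",
          "C:\\Windows\\System32\\vbscript.dll"),
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS):
        print("signature:", sig)
    print("known sample:", is_known_sample(b"constructed placeholder, not the real file"))
```

Keying the network signature on the image name rather than the command line keeps it robust to the argument obfuscation typical of VBS droppers, while the DLL rule deliberately ignores system directories so that the script engine's own `vbscript.dll` does not count as a dropped module.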

MITRE ATT&CK Enterprise v15

Tasks