General

  • Target

    aceb5742ec615a86a038e90b61c518e2a239b94dd9f34dfe1e035225f6aadac7_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xtjpdsbh99

  • MD5

    8499ced1659790a9c571bb6e95af2b13

  • SHA1

    ca750659b38bb3c3215be6cf24213a5bf52a333e

  • SHA256

    aceb5742ec615a86a038e90b61c518e2a239b94dd9f34dfe1e035225f6aadac7

  • SHA512

    335d1b3b7e7a5cff620efa35d1e0ee22202aef1cbad39cce752555d0b808f7e19e8834a0904d73e37a391809278cd122ea850a5d3506eaceb870eafc0b39e8f9

  • SSDEEP

    6144:EgNO2EJjysEBKBWwItD4tCbh/S1qR0Jt3sw06/AmRqAaxvXZFFDxr24Yl+aW5+Vf:1Lbp25Hf06Nu98RK7FgCiou

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      aceb5742ec615a86a038e90b61c518e2a239b94dd9f34dfe1e035225f6aadac7_JC.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks