General

  • Target

    b3d93ea5acba35ad48b26124a42b0706b05b3c063a309089dc15d43f308a9167_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xwl8asac21

  • MD5

    bba98072bd5b8c373bea0777f14f87f5

  • SHA1

    dcab79d8588206cfeb9e616c9f98fbfb003f9e09

  • SHA256

    b3d93ea5acba35ad48b26124a42b0706b05b3c063a309089dc15d43f308a9167

  • SHA512

    713fb61e63d414fabffc1d769a2924b9edf2e146754e9a2417035828bda746619444fe3cc84317248bceb9c50460269fc7a7ffbac0d7eedcb107d06a5841aaa9

  • SSDEEP

    6144:fXK8l0FJDhD+mtLJXSDQO35gya5RHU50kEARIDX5QFt7lQ78hpuFdvcOll0H4n/h:Xsy0OJf/RIAJ5TtrO29CyKOUYnI

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is frequently used as an initial-access loader for follow-on payloads.

    • Blocklisted process makes network request

      A process on the sandbox blocklist made an outbound network request; for a .vbs sample this is typically the script host (wscript.exe or cscript.exe).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the malware only detonates in targeted regions.

    • Loads dropped DLL
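The three behavioural signatures above can be re-derived from an API-style event trace, which is useful when cross-checking a report against your own sandbox or EDR telemetry. The script below is an added example, not code from the report or the sandbox vendor; the blocklisted process names, the registry value behind the location check (HKCU\Control Panel\International\Geo\Nation) and the event trace itself are assumptions, and the trace is constructed to show a typical VBS loader chain rather than this sample's actual behaviour.

```python
"""Added example, not part of the sandbox report: re-derive the three behavioural
signatures listed above from a trace of constructed sandbox API-style events.
Assumptions (the report names none of these): script hosts on the blocklist,
the registry value behind the location check, and the event shape itself.
"""
import re

# Assumption: processes a sandbox would blocklist for outbound traffic. A .vbs
# sample runs under wscript.exe/cscript.exe; rundll32/regsvr32 host DLL stages.
BLOCKLISTED_PROCESSES = {
    "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
    "rundll32.exe", "regsvr32.exe",
}

# Assumption: the location check reads the configured GeoID / country name from
# HKCU\Control Panel\International\Geo (values Nation and Name).
GEO_VALUE = re.compile(r"\\control panel\\international\\geo\\(nation|name)$", re.I)


def _basename(path):
    """Lower-case executable name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Map each signature name to the evidence strings that triggered it.

    Events are dicts with a "type" of process, registry_read, network,
    file_write or image_load, plus "pid" and "image" (the acting process).
    """
    hits = {
        "Blocklisted process makes network request": [],
        "Checks computer location settings": [],
        "Loads dropped DLL": [],
    }
    dropped = {}  # lower-cased path of every file written during the run -> writer pid

    for ev in events:
        proc = _basename(ev["image"])
        kind = ev["type"]
        if kind == "network" and proc in BLOCKLISTED_PROCESSES:
            hits["Blocklisted process makes network request"].append(
                f"{proc} (pid {ev['pid']}) -> {ev['dest']}:{ev['dport']}")
        elif kind == "registry_read" and GEO_VALUE.search(ev["key"]):
            hits["Checks computer location settings"].append(
                f"{proc} (pid {ev['pid']}) read {ev['key']}")
        elif kind == "file_write":
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "image_load":
            path = ev["path"].lower()
            # Only a DLL this run wrote *before* loading it counts as dropped;
            # system DLLs and files present before detonation do not.
            if path.endswith(".dll") and path in dropped:
                hits["Loads dropped DLL"].append(
                    f"{proc} (pid {ev['pid']}) loaded {ev['path']} "
                    f"(written by pid {dropped[path]})")
    return hits


def triggered(events):
    """Sorted names of the signatures that fired, as the report lists them."""
    return sorted(name for name, evidence in triage(events).items() if evidence)


# Constructed trace (not from the report) of the chain a VBS loader commonly
# shows: script host geofences, beacons, drops a DLL and hands it to rundll32.
WSCRIPT = r"C:\Windows\System32\wscript.exe"
RUNDLL32 = r"C:\Windows\System32\rundll32.exe"
STAGE_DLL = r"C:\Users\alice\AppData\Local\Temp\stage.dll"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": WSCRIPT,
     "cmdline": r'wscript.exe "C:\Users\alice\Downloads\sample.vbs"'},
    {"type": "registry_read", "pid": 4120, "image": WSCRIPT,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "pid": 4120, "image": WSCRIPT,
     "dest": "203.0.113.10", "dport": 443},
    {"type": "file_write", "pid": 4120, "image": WSCRIPT, "path": STAGE_DLL},
    {"type": "process", "pid": 4188, "image": RUNDLL32,
     "cmdline": f'rundll32.exe "{STAGE_DLL}",#1'},
    {"type": "image_load", "pid": 4188, "image": RUNDLL32, "path": STAGE_DLL},
    # Benign activity that must not fire: a system DLL load and a browser connection.
    {"type": "image_load", "pid": 4188, "image": RUNDLL32,
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "network", "pid": 2200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest": "198.51.100.5", "dport": 443},
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[{'x' if evidence else ' '}] {name}")
        for line in evidence:
            print("      " + line)
```

Note the ordering constraint in the dropped-DLL check: a load of a DLL that is only written later in the trace is not counted, which keeps pre-existing or system DLLs from matching while still catching the write-then-rundll32 pattern an IcedID VBS loader produces.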
