General

  • Target

    b5bc094bbd3cc9ed9642938c98a480fa36e45d7d6e13adb8fe73f4315831291f_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xwxn2aac51

  • MD5

    b4b825dad434b62c41475ba1f199cb26

  • SHA1

    4aa6cfe476eba9f65dd9a50fbcac5ba3f562ab9b

  • SHA256

    b5bc094bbd3cc9ed9642938c98a480fa36e45d7d6e13adb8fe73f4315831291f

  • SHA512

    6787aa3166651cc8c305e66d9cf2ceb354f2a5b0a12cc5c002823a94acc32066e5dc719cba4e65f01414376f7d49706a8a3b4c1927d27523bd54fb1f25105934

  • SSDEEP

    6144:221xuSxineQmvNB0DiMtHww9VkatAq8YVRudNgCTF2OkOPyorMMWui1ha8sioMWz:RMtLna6CTF7ZrM6wExkZ5ugsLf

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks