General

  • Target

    b9fdea30fcf81e4ce2084f86cab813c5fa46a40d5a6b666a2c77e86fbe49a513_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xxybyscd46

  • MD5

    5a1dc1c02275de90b55b41e134f76895

  • SHA1

    0b938da0e5a3857c0d03e9a415299dbbddba4ba1

  • SHA256

    b9fdea30fcf81e4ce2084f86cab813c5fa46a40d5a6b666a2c77e86fbe49a513

  • SHA512

    493e1b0fac8c890391a3921a20f265f84ab19923c755a9ad9e998eb0fd5438b4d84fb0f3e1bc063c4aa97e44625a0aafae4d4098f6e7f35232eed0a8d112943b

  • SSDEEP

    6144:5osxfC4ie6B+nHUNaWeXLic0l9/Jmb8r/tozVEMIF5A8TUiTnWuEw5/HtXApyN3j:tQ4TqaZEMGf/rW7my6fqTNmGl8

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      b9fdea30fcf81e4ce2084f86cab813c5fa46a40d5a6b666a2c77e86fbe49a513_JC.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL
