General

  • Target

    bf51efbef9813712f82853e75ceeb111310155505c00e8ba03eb5250e1ef2e73_JC.vbs

  • Size

    1012KB

  • Sample

    231012-xzdekace45

  • MD5

    ad5758d7325bf0a3f10b7124904569d0

  • SHA1

    f0e63517543a2e852ed0c08b18def9bf92f663fd

  • SHA256

    bf51efbef9813712f82853e75ceeb111310155505c00e8ba03eb5250e1ef2e73

  • SHA512

    d82ea77c9719822427010943603db05b4421fa070eff81de02afa59f4a9217a9e77ad3df816ef976d8ca8ab6ffbf7d01d14f410f0728233ef260752cf50cbb7d

  • SSDEEP

    6144:pMDsulkWuDXd9Sa1Arz2nTkEAFTX1bBQ53EvThwSNuxdnMunliyMRsGpXE28GV4w:M1h32QEP0vTh6blqRw1Lk8M8O

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      bf51efbef9813712f82853e75ceeb111310155505c00e8ba03eb5250e1ef2e73_JC.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks