General

  • Target: Document.vbs
  • Size: 2.5MB
  • Sample: 231018-s4cavaff7t
  • MD5: c8149f4e259f12c0d814b3d67a95aac6
  • SHA1: 1f652ce82610c6e4f395f0a7c35ed49c4eb4c202
  • SHA256: e207cc2dcc198d59a3f9f48160227854c540888fae7f086a9c50338babb5f8e9
  • SHA512: b7f93b16c3a4e8aee5b02dffd108486c4feb71fca3578592280e3cd5edf4cf0d337830f7da5a6501920e2ffe4e2a7e4cf636a981f6df6f7dca135c1e5eb31fcf
  • SSDEEP: 24576:Wb8nJeOGHIhJrLEEYul9lh3QKv2WGE5nvEVzDtIEepxE5Azkd4ZJ8RaFTZeuFpzH:Luwj5L40fLMn5olhTbK8x

Malware Config

Extracted

  • Family: icedid
  • Campaign: 361893872

Targets

    • Target: Document.vbs

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15