all InfoSec news
IcedID gets Loaded
Oct. 20, 2023, 5:55 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
By: Joshua Platt and Jason Reaves
While investigating a recent IcedID campaign leveraging GitLab:
hxxps://gitlab.]com/group9652040/my1/-/raw/main/2.exe
We noticed that the imphash for the sample had an overlap with another sample:
Ref: https://www.virustotal.com/gui/search/imphash%253Ace088b62574105896ea14183bc034940/filesAnd that new sample was talking to a different domain:
Ref: https://www.virustotal.com/gui/file/6ae543b0a3380779b65bff8c3ca0267f741173aed0d35265d6c92c0298fb924c/relationsAfter unpacking the sample a few strings can be seen that would allude to some sort of system and network profiler:
&ipconfig=
&systeminfo=
&domain_trusts=
&domain_trusts_all=
&net_view_all_domain=
&net_view_all=
&net_group=
&wmic=
&net_config_ws=
&net_wmic_av=
&whoami_group=
When diving into the binary …
article blog global icedid jason link medium tech topic walmart
More from malware.news / Malware Analysis, News and Indicators - Latest topics
The real reason antivirus software detects cracks
1 day, 2 hours ago |
malware.news
Update: what-is-new.py Version 0.0.4
1 day, 6 hours ago |
malware.news
The CTI Analyst Challenge
1 day, 8 hours ago |
malware.news
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Senior Security Researcher - Linux MacOS EDR (Cortex)
@ Palo Alto Networks | Tel Aviv-Yafo, Israel
Sr. Manager, NetSec GTM Programs
@ Palo Alto Networks | Santa Clara, CA, United States
SOC Analyst I
@ Fortress Security Risk Management | Cleveland, OH, United States