Overview

overview

10

Static

static

ﱞﱞﱞï...ฺฺ

windows10_x64

10

ﱞﱞﱞï...ﱞﱞ

windows10_x64

10

ﱞﱞﱞï...ﱞﱞ

windows10_x64

10

Resubmissions

25-03-2021 19:54

210325-1my3wzl72x 8

25-03-2021 19:06

210325-bvf4p5t18e 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COVERT-Pro-Inst (1).exe

  • Size

    30.9MB

  • Sample

    210325-bvf4p5t18e

  • MD5

    604aaadd302aac9e9d783bd8910ce594

  • SHA1

    f6500c98ff55c6a974ed02194ff0be25d96ec9f8

  • SHA256

    41a0c8a3158186712649e53fce67714641bf8d3e485731255ab9b3a954da7046

  • SHA512

    b25b97fb60aeb9baa15f68be02963d9ac074040f989705fbfcfae825bcc8799998e705c9691371538d64401b1432444df60b2a7881b6b5b3b6f1b21b7eba0feb

Score
10/10
icedidredlinevidar1235390667bankerinfostealerstealertrojan

Malware Config

Extracted

Family

icedid

Campaign

1235390667

Targets

    • Target

      COVERT-Pro-Inst (1).exe

    • Size

      30.9MB

    • MD5

      604aaadd302aac9e9d783bd8910ce594

    • SHA1

      f6500c98ff55c6a974ed02194ff0be25d96ec9f8

    • SHA256

      41a0c8a3158186712649e53fce67714641bf8d3e485731255ab9b3a954da7046

    • SHA512

      b25b97fb60aeb9baa15f68be02963d9ac074040f989705fbfcfae825bcc8799998e705c9691371538d64401b1432444df60b2a7881b6b5b3b6f1b21b7eba0feb

    Score
    10/10
    redlinevidarinfostealerstealericedid1235390667bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks