General

  • Target: core.zip
  • Size: 360KB
  • Sample: 210525-dxl1sawnra
  • MD5: c6c2f13a01744d79ee96015f1011d1d1
  • SHA1: 417fa3329ed0289e49b5582b344db5f1354dd4b1
  • SHA256: 81e1fa45f636b33fd145267c44ee8c157208c24ad88a1c1d6d7f4d8c1c18bee3
  • SHA512: 4701a857f6ac915187ce08b821b6ab996f3b56f9418cb9ec92fa69af91844f05a498d3cf4f816f9f8f936ef56cdb6832bcf370fe4abe8ad87f818227b32aaede

Malware Config

Extracted

  • Family: icedid
  • rsa_pubkey.plain

Extracted

  • Family: icedid
  • Botnet: 987543880
  • C2: fimlubindu.top, vindurualeg.top, esaquell.website, extrimefigim.top
  • Attributes
    • url_path: /news/

Targets

  • Target: core/cmd.bat
  • Size: 188B
  • MD5: 79b6a4cecfb4fde6a71711fa4f73f380
  • SHA1: 6f53e66f1c6dbe62849b9c36a48cd7c642de7d97
  • SHA256: 8bbbeff5c9130e3d9a960cfb248f25afd2edb8e44c8f6f48b710156fbffa1370
  • SHA512: 0bc26075a5c4858709fa957abe12e6bb62e263f9a90ec1eb6c90b53f3b3a5a6a27cde679819944b0aef9939f1106373add4041a8141ae5ae9d22ef0d91ea4db1

  • IcedID, BokBot
    IcedID is a banking trojan capable of stealing credentials.
  • Blocklisted process makes network request
  • Downloads MZ/PE file
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Command-Line Interface (T1059): 1

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • System Information Discovery (T1082): 3
  • Remote System Discovery (T1018): 1

Collection
  • Data from Local System (T1005): 1
