General

Target: core.zip
Size: 360KB
Sample: 210525-dxl1sawnra
Score: 10/10
MD5: c6c2f13a01744d79ee96015f1011d1d1
SHA1: 417fa3329ed0289e49b5582b344db5f1354dd4b1
SHA256: 81e1fa45f636b33fd145267c44ee8c157208c24ad88a1c1d6d7f4d8c1c18bee3
SHA512: 4701a857f6ac915187ce08b821b6ab996f3b56f9418cb9ec92fa69af91844f05a498d3cf4f816f9f8f936ef56cdb6832bcf370fe4abe8ad87f818227b32aaede

Malware Config

Extracted

Family: icedid
rsa_pubkey.plain

Extracted

Family: icedid
Botnet: 987543880
C2:
  fimlubindu.top
  vindurualeg.top
  esaquell.website
  extrimefigim.top
Attributes:
  url_path: /news/
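The extracted C2 domains and url_path are the indicators a responder would sweep for first. The following is an added example written for this report, not tooling from the sandbox or the page: it matches those IOCs against HTTP proxy log lines, treating subdomains and non-standard ports as hits while rejecting lookalike domains. The log format and the lines in SAMPLE_LOG are constructed for illustration; only the domains and the /news/ path come from the extracted config.

```python
"""Match the C2 indicators extracted from this IcedID sample against HTTP proxy logs.

Added example, not part of the sandbox report.  The C2 domains and url_path are
the values extracted above; the proxy log format and the SAMPLE_LOG lines are
constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Values from the extracted config (botnet 987543880).
C2_DOMAINS = frozenset({
    "fimlubindu.top",
    "vindurualeg.top",
    "esaquell.website",
    "extrimefigim.top",
})
URL_PATH_PREFIX = "/news/"

# Constructed log format (assumption): "<timestamp> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    host: str
    path: str
    reason: str


def host_matches(host: str) -> bool:
    """True for an exact C2 domain or any subdomain of one.

    The label-boundary check ("." + domain) rejects lookalikes such as
    notfimlubindu.top, which a plain endswith() would accept.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def classify(url: str) -> Optional[str]:
    """Return a match reason for a URL, or None if it does not hit the IOCs.

    urlsplit().hostname lowercases the host and strips any port or userinfo,
    so "http://ESAQUELL.website:8080/news/" is handled without extra parsing.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host_matches(host):
        return None
    if (parts.path or "/").startswith(URL_PATH_PREFIX):
        return "C2 domain with IcedID url_path"
    # Traffic to a C2 domain on another path is still worth an alert; the
    # beacon path can differ between configs.
    return "C2 domain"


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run the IOC match over proxy log lines; malformed lines are skipped."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        reason = classify(m["url"])
        if reason is None:
            continue
        parts = urlsplit(m["url"])
        hits.append(Hit(m["ts"], m["src"], parts.hostname or "", parts.path, reason))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2021-05-25T12:00:01Z 10.0.0.5 GET http://fimlubindu.top/news/ 200",
    "2021-05-25T12:00:02Z 10.0.0.5 GET https://news.example.com/news/ 200",          # legitimate, no hit
    "2021-05-25T12:00:03Z 10.0.0.7 POST http://cdn.extrimefigim.top:8080/news/ 200",  # subdomain and port
    "2021-05-25T12:00:04Z 10.0.0.9 GET http://vindurualeg.top/ 404",                # C2 domain, other path
    "not a log line",
    "2021-05-25T12:00:05Z 10.0.0.9 GET http://notfimlubindu.top/news/ 200",         # lookalike, no hit
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.host}{hit.path}: {hit.reason}")
```

Matching on the hostname rather than a substring of the raw URL is the point: the lookalike line and the legitimate site that happens to serve a /news/ path both stay quiet, while the subdomain on a non-standard port is still caught.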
Targets

Target: core/cmd.bat
MD5: 79b6a4cecfb4fde6a71711fa4f73f380
Filesize: 188B
Score: 10/10
SHA1: 6f53e66f1c6dbe62849b9c36a48cd7c642de7d97
SHA256: 8bbbeff5c9130e3d9a960cfb248f25afd2edb8e44c8f6f48b710156fbffa1370
SHA512: 0bc26075a5c4858709fa957abe12e6bb62e263f9a90ec1eb6c90b53f3b3a5a6a27cde679819944b0aef9939f1106373add4041a8141ae5ae9d22ef0d91ea4db1
Tags

Signatures

  • IcedID, BokBot

    Description: IcedID (also known as BokBot) is a banking trojan capable of stealing credentials; the "Downloads MZ/PE file" and "Loads dropped DLL" signatures below reflect its use as a loader for follow-on payloads.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

Related Tasks

MITRE ATT&CK Matrix

Tactics (matrix columns): Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral2: Score 10/10