Overview

overview

10

Static

static

core/cmd.bat

windows7_x64

10

core/cmd.bat

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    core.zip

  • Size

    412KB

  • Sample

    210603-rhnyldpjqa

  • MD5

    199337409fbff480bd855672fb2e46ee

  • SHA1

    19b0b8e51cbd6d0073ea22f875b7a2854696fb6b

  • SHA256

    293faad0e341c3fd59e0c668e98a4289f07b8b2f862e1d9ffabbbdd718b42fb8

  • SHA512

    a5685a513de76752c4eef4ea3d4b15056d0cd64cc9f2d05ac3f9d5ce6cec5f24aeadc29db721c3d020db1ec20476d0f5f62df3532fa20db5e97d44dda27fabdb

Score
10/10
icedid987543880bankerspywarestealertrojan

Malware Config

Extracted

Family

icedid

Botnet

987543880

C2

fimlubindu.top

vindurualeg.top

bigcostarikas.top

extrimefigim.top
Attributes
  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core/cmd.bat

    • Size

      188B

    • MD5

      2e2b47ce11618a88fdf41c2215ac0df6

    • SHA1

      acb49181de3711e7cb0136033b53f7d0c628614a

    • SHA256

      206adcd9c6879f5033e7395c523444430c90532675ac149b3434c84115ea95c3

    • SHA512

      e8aef9395943d5e21904df89c7d44d4da6fe686ea31c3f61851efd5cd476bb524a29ccf47e884ffd4305ebc032df1057e9f7a786901a5f7f58f79e5fefcba4e5

    Score
    10/10
    icedid987543880bankertrojanspywarestealer

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks