General
-
Target
core.zip
-
Size
412KB
-
Sample
210603-rhnyldpjqa
-
MD5
199337409fbff480bd855672fb2e46ee
-
SHA1
19b0b8e51cbd6d0073ea22f875b7a2854696fb6b
-
SHA256
293faad0e341c3fd59e0c668e98a4289f07b8b2f862e1d9ffabbbdd718b42fb8
-
SHA512
a5685a513de76752c4eef4ea3d4b15056d0cd64cc9f2d05ac3f9d5ce6cec5f24aeadc29db721c3d020db1ec20476d0f5f62df3532fa20db5e97d44dda27fabdb
Malware Config
Extracted
icedid
987543880
fimlubindu.top
vindurualeg.top
bigcostarikas.top
extrimefigim.top
-
url_path
/news/
Extracted
icedid
Targets
-
-
Target
core/cmd.bat
-
Size
188B
-
MD5
2e2b47ce11618a88fdf41c2215ac0df6
-
SHA1
acb49181de3711e7cb0136033b53f7d0c628614a
-
SHA256
206adcd9c6879f5033e7395c523444430c90532675ac149b3434c84115ea95c3
-
SHA512
e8aef9395943d5e21904df89c7d44d4da6fe686ea31c3f61851efd5cd476bb524a29ccf47e884ffd4305ebc032df1057e9f7a786901a5f7f58f79e5fefcba4e5
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-