General

  • Target

    core.zip

  • Size

    349KB

  • Sample

    210623-fa6mx24cr2

  • MD5

    d86fa85a9902573abc91b7bc80c96e1c

  • SHA1

    1202c844cf83f8605380e6b5754b619a7de3a67a

  • SHA256

    512b17c540c622e90879c8f382013187f6053a858381364367c258639b34b21e

  • SHA512

    05d6becba206748c1d4440ce5766e5265a2d8f0746e858b61d314b390bd5ad8e1d5be94c0bbfd3b4b84ae5cd6e3ae4ac63e084379dea824731a6431ce4a77be5

Malware Config

  • Extracted

    Family: icedid
    rsa_pubkey.plain

  • Extracted

    Family: icedid
    Botnet: 987543880
    C2:
      fimlubindu.top
      vindurualeg.top
      bigcostarikas.top
      extrimefigim.top
    Attributes:
      auth_var: 8
      url_path: /news/

Targets

    • Target

      core/cmd.bat

    • Size

      188B

    • MD5

      18922a31adfef9144b9c68694a211b48

    • SHA1

      1e63fbb6511e15ba07f555c11b2a05d63e49b5a3

    • SHA256

      68867aec1fd8a6eb416081c747705e847de95c033f5b38eb57ea575c69397210

    • SHA512

      573349edbae1baf769457402c65670b9d76facec7c056010a7b2a556d433d9176418cd4a2a39dd04654c3c4216019d27d47e15a6c1fd4f4fdcc57d5f98664a4a

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      core/genre-64.dat

    • Size

      48KB

    • MD5

      1a90ea27cf944e04b70ca2f3c92ab6d9

    • SHA1

      3cdb8c31496d5de43fcd627077f98a5548a22627

    • SHA256

      039a59bfb6b07872a7bba707045f9639d029c2009b4c4297af1526cdaa07d479

    • SHA512

      a41b590e5b2b1bcf1c6e5db066b74eec41e29976a2193e2bffc0f96571888e86f44197e813dd78f8814e752b70466e18622c27ea050ed954b2bf639157fac535

    Score
    1/10

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation