General

  • Target: core.zip
  • Size: 344KB
  • Sample: 210726-a4jls9zgbs
  • MD5: e0a93b2c7b5f006d416f7d2331de1ead
  • SHA1: 487711de80d662a647acd254e26a1df8e9ec6473
  • SHA256: 9103651ca39f644db669bee52d364ce9181d2f797290c975d76aec9e7dd78415
  • SHA512: 0e42f864846213d83ea33656c630c349f959b2b80117e0aa6d262a8e5b2f5715b0843172864f9dde75b0edbc0ed40e445e55525845a4df559f67f7dec47bb766

Malware Config

Extracted
  • Family: icedid
  • rsa_pubkey.plain

Extracted
  • Family: icedid
  • Botnet: 524571734
  • C2:
      gsterangsic.buzz
      oscanonamik.club
      riderskop.top
      iserunifish.club
  • Attributes:
      auth_var: 6
      url_path: /news/

Targets

  • Target: core/cmd.bat
  • Size: 185B
  • MD5: 53cc0ad8caf01d4c06d01df2a27726a7
  • SHA1: a4331d3783ce365f2bb5c62ac4cf10ff375158c2
  • SHA256: 76c39b81fd9f933319b5f23167aee5b4fdba73db84f2f72bb4304dd9076ae2e7
  • SHA512: c4161c60580e9cbbe76a38fb4a463b70955a2223575881d59ce3ee6cc3cb6f2e30727df7fc405334bc4483e4db472c1cdeb6f9742b36279c93cb992423b0688d

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

  • Target: core/kind-.tmp
  • Size: 37KB
  • MD5: f8683c57e8f893b3411f98e5abaee9ab
  • SHA1: 1845303c31214052f2fe5c7f2a4b15bd7320d363
  • SHA256: 7c73d2d72c3ebbe67e9245df5a909acdfe28a5207e220d353e3797e1d7ee2fe9
  • SHA512: 0f714bd64aefa887566896b682934a122215830b6ca77bdbef99e688b493212cc77287374e7a97165f9b89eb42fd5f81bf80487e49d0832218a9e2e766fc5927

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Command-Line Interface (T1059): 1

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • System Information Discovery (T1082): 3
  • Remote System Discovery (T1018): 1

Collection
  • Data from Local System (T1005): 1

Tasks