core.zip

General
Target: core.zip
Size: 344KB
Sample: 210726-a4jls9zgbs
Score: 10/10
MD5: e0a93b2c7b5f006d416f7d2331de1ead
SHA1: 487711de80d662a647acd254e26a1df8e9ec6473
SHA256: 9103651ca39f644db669bee52d364ce9181d2f797290c975d76aec9e7dd78415
SHA512: 0e42f864846213d83ea33656c630c349f959b2b80117e0aa6d262a8e5b2f5715b0843172864f9dde75b0edbc0ed40e445e55525845a4df559f67f7dec47bb766

Malware Config

Extracted

Family: icedid
rsa_pubkey.plain

Extracted

Family: icedid
Botnet: 524571734
C2:
  gsterangsic.buzz
  oscanonamik.club
  riderskop.top
  iserunifish.club
Attributes:
  auth_var: 6
  url_path: /news/
Targets
Target: core/cmd.bat
MD5: 53cc0ad8caf01d4c06d01df2a27726a7
Filesize: 185B
Score: 10/10
SHA1: a4331d3783ce365f2bb5c62ac4cf10ff375158c2
SHA256: 76c39b81fd9f933319b5f23167aee5b4fdba73db84f2f72bb4304dd9076ae2e7
SHA512: c4161c60580e9cbbe76a38fb4a463b70955a2223575881d59ce3ee6cc3cb6f2e30727df7fc405334bc4483e4db472c1cdeb6f9742b36279c93cb992423b0688d

Signatures

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System; Credentials in Files

Target: core/kind-.tmp
MD5: f8683c57e8f893b3411f98e5abaee9ab
Filesize: 37KB
Score: 10/10
SHA1: 1845303c31214052f2fe5c7f2a4b15bd7320d363
SHA256: 7c73d2d72c3ebbe67e9245df5a909acdfe28a5207e220d353e3797e1d7ee2fe9
SHA512: 0f714bd64aefa887566896b682934a122215830b6ca77bdbef99e688b493212cc77287374e7a97165f9b89eb42fd5f81bf80487e49d0832218a9e2e766fc5927

Signatures

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation