icedid | 02065326c23d7dbb2e4d2ba63e4b428ac397d0814f04ea64515f4cf2e5818487 | Triage

Sharing

General

Target

file
Size

4.1MB
Sample

210910-xhm8fadfcm
MD5

21aca97a9417b32638cc88ac04948a81
SHA1

f315c652bfd585391ce67572ceaee4cfe3dd3e41
SHA256

02065326c23d7dbb2e4d2ba63e4b428ac397d0814f04ea64515f4cf2e5818487
SHA512

9ad00146c928fce55fef58c411a3d9bcbc4222cda3fb16fd0fb0a5f7044695a4b486a98b50df9dddd9de4f6ec247160ca1dadcc2fea6d685f70acae30e78126a

Score

10^/10

icedid 1820688957

Malware Config

Extracted

Family

icedid

Botnet

1820688957

C2

timerework.fun

pexxota.space

Attributes

auth_var
6
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  222B
- MD5
  
  c1432ae7a15e7d43e44abeaa97bcc77d
- SHA1
  
  e348e5f29ed0d16511680f7b57a3b4feaf920026
- SHA256
  
  6422c2bff92af11fc31c710ca2e8bbe74a41b9e3db9103c64dd6e55baa0899f2
- SHA512
  
  cd73eac203805d233cac32e52aef6261611fa2c662346e3f83b4bc2b57d371ad9f81aee2a31531f3901a9eda03a32fb6a671d9c64b084e966de9cd5cb3ffd3cc
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  vessel-64.dat
- Size
  
  4.5MB
- MD5
  
  6d912f3cb045cfce88c96f0da2addf3b
- SHA1
  
  52286ca71ac4239c5e2faad25e569f83ca4b35ee
- SHA256
  
  7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7
- SHA512
  
  e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

1820688957icedid

behavioral1

behavioral2

behavioral3

behavioral4