General
Target: file
Size: 4.1MB
Sample: 210910-xhm8fadfcm
MD5
21aca97a9417b32638cc88ac04948a81
SHA1
f315c652bfd585391ce67572ceaee4cfe3dd3e41
SHA256
02065326c23d7dbb2e4d2ba63e4b428ac397d0814f04ea64515f4cf2e5818487
SHA512
9ad00146c928fce55fef58c411a3d9bcbc4222cda3fb16fd0fb0a5f7044695a4b486a98b50df9dddd9de4f6ec247160ca1dadcc2fea6d685f70acae30e78126a

Static task: static1

Behavioral task: behavioral1
Sample: core.bat
Resource: win7-en

Behavioral task: behavioral2
Sample: core.bat
Resource: win10v20210408

Behavioral task: behavioral3
Sample: vessel-64.dat.dll
Resource: win7-en

Behavioral task: behavioral4
Sample: vessel-64.dat.dll
Resource: win10-en

Malware Config
Extracted
icedid
1820688957
timerework.fun
pexxota.space
auth_var: 6
url_path: /news/

Targets

Target: core.bat
Size: 222B
MD5
c1432ae7a15e7d43e44abeaa97bcc77d
SHA1
e348e5f29ed0d16511680f7b57a3b4feaf920026
SHA256
6422c2bff92af11fc31c710ca2e8bbe74a41b9e3db9103c64dd6e55baa0899f2
SHA512
cd73eac203805d233cac32e52aef6261611fa2c662346e3f83b4bc2b57d371ad9f81aee2a31531f3901a9eda03a32fb6a671d9c64b084e966de9cd5cb3ffd3cc
Score: 5/10
Suspicious use of NtSetInformationThreadHideFromDebugger

Target: vessel-64.dat
Size: 4.5MB
MD5
6d912f3cb045cfce88c96f0da2addf3b
SHA1
52286ca71ac4239c5e2faad25e569f83ca4b35ee
SHA256
7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7
SHA512
e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd
Score: 5/10
Suspicious use of NtSetInformationThreadHideFromDebugger