icedid | 660effaf33e85bc19be61ab5cfa64fc187bc9902317c292770a5a18683b000ed | Triage

Resubmissions

13-09-2021 11:20

210913-nfdrjsdee4 10

13-09-2021 09:09

210913-k4h5dsddd4 10

Sharing

General

Target

file
Size

4.1MB
Sample

210913-nfdrjsdee4
MD5

c790bf1bd8420e2deb566231306b99ce
SHA1

a8272fe150185bbb74ef087a1727c5842e3859fa
SHA256

660effaf33e85bc19be61ab5cfa64fc187bc9902317c292770a5a18683b000ed
SHA512

3aaec32118565336be00992ccd1257a454d5bca9c3e7bf8b8667ec025ee1bb8d6d89420bad145e28b0b98f7836691c902ac338154f2edb2d13343c7765b50e5c

Score

10^/10

icedid 1820688957

Malware Config

Extracted

Family

icedid

Botnet

1820688957

C2

timerework.fun

pexxota.space

Attributes

auth_var
6
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  c69400616b3e6ff4875c8322f7ef0ed1
- SHA1
  
  da112c52c72f50a64ff4aabcec17f5f3c16c5148
- SHA256
  
  d6e0649ba38b6acbd75fd06d34cbe332220c4b6d7d774afceaa2816a6bd8ba68
- SHA512
  
  2c61b0c6578eb8306da959ad329723902469a07418b2ea80a93f330f59ce757c0d660b7ae915d6d14735e6557b324668c6fd1af9cc0da866cc139fc35e5df0f9
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  vessel-64.dat
- Size
  
  4.5MB
- MD5
  
  6d912f3cb045cfce88c96f0da2addf3b
- SHA1
  
  52286ca71ac4239c5e2faad25e569f83ca4b35ee
- SHA256
  
  7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7
- SHA512
  
  e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Matrix

Tasks

static1

1820688957icedid

behavioral1

behavioral2