General
- Target: core.zip
- Size: 362KB
- Sample: 211012-1f72lsdaep
- MD5: 0389ba48dda8cecbcf5da59fbb47620b
- SHA1: 8c3bd0befb55712fd4c428ba86766295b64ef7df
- SHA256: d36327cfefdf0aad8cf31761d6ed74b072ef0a4cb3dcc5d61a932088a5e475a0
- SHA512: 02c4097fbbdd1e7f8d3550760181d78d5f45c378e78a73c53f7eb3112029cb17d03240195b8b46bd24479b4abb961a0997ed4cfbe6619d39147eee6b30fd6e29
Static task: static1
Behavioral task: behavioral1
Sample: core/cmd.bat
Resource: win7v20210408
Behavioral task: behavioral2
Sample: core/cmd.bat
Resource: win10-en-20210920
Behavioral task: behavioral3
Sample: core/sentence_x64.dat.dll
Resource: win7v20210408
Behavioral task: behavioral4
Sample: core/sentence_x64.dat.dll
Resource: win10-en-20210920
Malware Config
Extracted
icedid
Extracted
icedid
1217670233
parkerrsberg.site
2sekillo.pw
subdibermarine.pw
zoplasure.top
- auth_var: 2
- url_path: /posts/
Targets
- Target: core/cmd.bat
- Size: 193B
- MD5: 4ed6ace50207a518b1d2e371ef73026c
- SHA1: a35694d96348c847186deb81dffc141260b43af5
- SHA256: 86bfd3cff6755ab4e7d2a7e17695481369158caf383ead4f71a7a9d7ace4e8d9
- SHA512: 58468f96d25bb15a8c1b74b562d9918a044f3b854061eb2023c23ed6dc226246ac1091436c5655f42714b228e150f651ddfd31909ef815381de282000d78e791
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Target: core/sentence_x64.dat
- Size: 83KB
- MD5: 10d53f2baf0cc1321090e01201be84ab
- SHA1: 153931308c62f6104d7c55c5690ed952833af6ac
- SHA256: e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263
- SHA512: 435451c84aba99d9b80c304a37e00eadc7bc11c583bc10c6c45e18a37fc223815218b8877cac1db079983b7ce696a03f487bd501bc7e32815e02335995616e00
- Score: 10/10