Overview

overview

10

Static

static

core/cmd.bat

windows7_x64

10

core/cmd.bat

windows10_x64

10

core/sente...at.dll

windows7_x64

10

core/sente...at.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    core.zip

  • Size

    362KB

  • Sample

    211012-1f72lsdaep

  • MD5

    0389ba48dda8cecbcf5da59fbb47620b

  • SHA1

    8c3bd0befb55712fd4c428ba86766295b64ef7df

  • SHA256

    d36327cfefdf0aad8cf31761d6ed74b072ef0a4cb3dcc5d61a932088a5e475a0

  • SHA512

    02c4097fbbdd1e7f8d3550760181d78d5f45c378e78a73c53f7eb3112029cb17d03240195b8b46bd24479b4abb961a0997ed4cfbe6619d39147eee6b30fd6e29

Score
10/10
icedid1217670233bankercollectionspywarestealertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

parkerrsberg.site

2sekillo.pw

subdibermarine.pw

zoplasure.top
Attributes
  • auth_var

    2

  • url_path

    /posts/

Targets

    • Target

      core/cmd.bat

    • Size

      193B

    • MD5

      4ed6ace50207a518b1d2e371ef73026c

    • SHA1

      a35694d96348c847186deb81dffc141260b43af5

    • SHA256

      86bfd3cff6755ab4e7d2a7e17695481369158caf383ead4f71a7a9d7ace4e8d9

    • SHA512

      58468f96d25bb15a8c1b74b562d9918a044f3b854061eb2023c23ed6dc226246ac1091436c5655f42714b228e150f651ddfd31909ef815381de282000d78e791

    Score
    10/10
    icedid1217670233bankercollectionspywarestealertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

    • Target

      core/sentence_x64.dat

    • Size

      83KB

    • MD5

      10d53f2baf0cc1321090e01201be84ab

    • SHA1

      153931308c62f6104d7c55c5690ed952833af6ac

    • SHA256

      e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263

    • SHA512

      435451c84aba99d9b80c304a37e00eadc7bc11c583bc10c6c45e18a37fc223815218b8877cac1db079983b7ce696a03f487bd501bc7e32815e02335995616e00

    Score
    10/10
    icedid1217670233bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks