General
-
Target
core.zip
-
Size
379KB
-
Sample
211018-ztfc3sefh8
-
MD5
275ae82cce48826189bd51d9e2598cb2
-
SHA1
178d737e99057c14e1d282851b21ca49af549b43
-
SHA256
e5ee7402d48cb382754c0ecb9a2479e19dbae32230c4945efee7864fc030ed6a
-
SHA512
27b4a6b89248639a39a3f7903f192a15a03aca4438840163695752729b07d0996d4352e40bcdda5d58449cb8b9ba95915ae105b9f974512810952c26f9c61f5e
Static task
static1
Behavioral task
behavioral1
Sample
core/cmd.bat
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
core/cmd.bat
Resource
win10-en-20211014
Behavioral task
behavioral3
Sample
core/diary_64.dat.dll
Resource
win7-en-20211014
Behavioral task
behavioral4
Sample
core/diary_64.dat.dll
Resource
win10-en-20210920
Malware Config
Extracted
icedid
Extracted
Family: icedid
Campaign: 1217670233
C2:
nnelforwfin.top
viewsketplctly.fun
omersure.space
ferfreenights.site
-
auth_var
3
-
url_path
/posts/
Targets
-
-
Target
core/cmd.bat
-
Size
191B
-
MD5
daea1c68d865761ea37be016eec39de0
-
SHA1
bead4866eefffdde31345135631f79facc541b70
-
SHA256
a5128b4a2ebe0daa72e3c426022723e55e9d759da42ffb9ce66552a54feb76d3
-
SHA512
c6552fe6245f1f220f7202e84cf6aad6bf201ccf66601c42d8150c944aea6160bef013916cf55612d09efd825092dc7772383050780ab93e57ff1a44b7c83291
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
-
-
Target
core/diary_64.dat
-
Size
114KB
-
MD5
65133fbf755d46ddf03669c857ca7cb6
-
SHA1
d50ba0e6064550837502479f1bc98c46b98f0274
-
SHA256
ec70e9f9b4ab8635865f69b0a024b86bcc5483d29d5d8094365e98f349f82a29
-
SHA512
6957cf6963c1753469bfdd5c68abc5c08916eb306519027082afab609eb0bf5e82bb881d38c9cc37c1794babbb7110e59c70221ad58992984f9bc82cd0c21a85
Score: 10/10