General

  • Target

    core.zip

  • Size

    412KB

  • Sample

    211026-tcjfhshhd3

  • MD5

    aa274642c27f13fbba49b179b8789e2f

  • SHA1

    c3b0d944d837641349512d84ba1b2064e737f62d

  • SHA256

    b200285b205f1d27e6e1cddbb960785b391f779efe4bc1c9f917aad0f5ef9ba4

  • SHA512

    25a100ab12de3deac3341245a45b6218944d61b76bdd3a0d887eb8382c19522dca62202282f5f030588fbd38d53240319ad87951fe4e1ae09ea2b1d5c96d4125

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

nnelforwfin.top

lakogrefop.rest

hangetilin.top

essaipienure.space

Attributes
  • auth_var

    7

  • url_path

    /posts/
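The C2 domains, botnet ID and `url_path` above are the indicators a defender actually gets from this extraction. The following is an added example (not part of the sandbox report) that turns them into a small hunt over proxy logs: it matches the C2 domains and their subdomains, ignores look-alike hosts that merely contain the string, and flags requests whose path starts with the extracted `/posts/` prefix. The log format (`timestamp client method host path`) and the log lines themselves are constructed for illustration; only the indicator values come from the report.

```python
"""Hunt for the extracted IcedID indicators in a proxy log.

Added example, not from the original report. The indicator values below are
copied from the report; the log layout ('ts client method host path') and
the sample lines are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Indicators from the extracted IcedID config in the report.
C2_DOMAINS = {
    "nnelforwfin.top",
    "lakogrefop.rest",
    "hangetilin.top",
    "essaipienure.space",
}
URL_PATH = "/posts/"          # url_path attribute from the config
BOTNET_ID = "1217670233"      # botnet ID from the config (for tagging hits)


@dataclass
class Hit:
    line_no: int
    host: str
    reason: str


def domain_matches(host: str) -> Optional[str]:
    """Return the C2 domain that `host` equals or is a subdomain of.

    Suffix matching is done on a label boundary ('.' + domain) so that a
    look-alike such as 'nothangetilin.top' or 'nnelforwfin.top.evil.example'
    does not produce a false hit.
    """
    host = host.strip().rstrip(".").lower()
    for c2 in C2_DOMAINS:
        if host == c2 or host.endswith("." + c2):
            return c2
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, str]]:
    """Parse the constructed 'ts client method host path' layout."""
    parts = line.split()
    if len(parts) != 5:
        return None          # malformed line: skip rather than crash the hunt
    ts, client, method, host, path = parts
    return ts, client, method, host, path


def hunt(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per log line that contacts an extracted C2 domain."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        _, _, _, host, path = rec
        c2 = domain_matches(host)
        if c2 is None:
            continue
        reason = f"IcedID botnet {BOTNET_ID} C2 domain {c2}"
        if path.startswith(URL_PATH):
            reason += f", request path matches url_path {URL_PATH}"
        hits.append(Hit(n, host, reason))
    return hits


# Constructed sample log; not real traffic.
SAMPLE_LOG = [
    "2021-10-26T14:03:11Z 10.0.0.12 GET nnelforwfin.top /posts/",
    "2021-10-26T14:03:12Z 10.0.0.12 GET www.example.com /index.html",
    "2021-10-26T14:05:40Z 10.0.0.33 GET cdn.lakogrefop.rest /static/a.js",
    "2021-10-26T14:06:02Z 10.0.0.33 GET nothangetilin.top /posts/",
    "2021-10-26T14:06:30Z 10.0.0.40 GET nnelforwfin.top.evil.example /posts/",
    "malformed line",
]

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.host}: {h.reason}")
```

Lines 1 and 3 of the constructed log are reported (the second as a subdomain hit without the `/posts/` path); the look-alike hosts on lines 4 and 5 are not, which is the point of matching on a label boundary rather than with a bare substring search.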

Targets

    • Target

      core/cmd.bat

    • Size

      191B

    • MD5

      49941f222a0c3ed8fa9d745374dc9a48

    • SHA1

      949ad4de2269d3794b5fc79548787ce9a9e0f84a

    • SHA256

      2084a50f32440a77fdb0fb552d0e69f3b729dde3c0ab79800bf058eec03db5b2

    • SHA512

      e426427463896efda02e54b1578d597324ade6259f8498b3ab82a09899615abe4e81214a28d85287e98f7aa5f5253b528df3dd7b8753429e210c4d620045b79a

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      core/front_64.tmp

    • Size

      300KB

    • MD5

      f6376483b6e286268294ca4e465a9d07

    • SHA1

      44e61d92c10da340e7b27838e646e194bc943b84

    • SHA256

      94977afc7ea0c51998b79d3f033d9efc65a3802d9a0b3fe454d73ebf639e71a0

    • SHA512

      3df43b5de2f2d6ad892f4788cc135f5a269ede12f2a4df935a8ddf24403c3446f6ffd3bd2dc6cb3aa2adbd479140d0dd9979abc282f9d4f2e6b9100529dc8d48

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks