General
Target
core.zip
Size
412KB
Sample
211026-tcjfhshhd3
MD5
aa274642c27f13fbba49b179b8789e2f
SHA1
c3b0d944d837641349512d84ba1b2064e737f62d
SHA256
b200285b205f1d27e6e1cddbb960785b391f779efe4bc1c9f917aad0f5ef9ba4
SHA512
25a100ab12de3deac3341245a45b6218944d61b76bdd3a0d887eb8382c19522dca62202282f5f030588fbd38d53240319ad87951fe4e1ae09ea2b1d5c96d4125
Static task
static1
Behavioral task
behavioral1
Sample
core/cmd.bat
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
core/cmd.bat
Resource
win10-en-20210920
Behavioral task
behavioral3
Sample
core/front_64.tmp.dll
Resource
win7-en-20210920
Behavioral task
behavioral4
Sample
core/front_64.tmp.dll
Resource
win10-en-20211014
Malware Config
Extracted
icedid
Extracted
icedid
1217670233
nnelforwfin.top
lakogrefop.rest
hangetilin.top
essaipienure.space
auth_var
7
url_path
/posts/
Targets
Target
core/cmd.bat
Size
191B
MD5
49941f222a0c3ed8fa9d745374dc9a48
SHA1
949ad4de2269d3794b5fc79548787ce9a9e0f84a
SHA256
2084a50f32440a77fdb0fb552d0e69f3b729dde3c0ab79800bf058eec03db5b2
SHA512
e426427463896efda02e54b1578d597324ade6259f8498b3ab82a09899615abe4e81214a28d85287e98f7aa5f5253b528df3dd7b8753429e210c4d620045b79a
Score
10/10
Blocklisted process makes network request
Target
core/front_64.tmp
Size
300KB
MD5
f6376483b6e286268294ca4e465a9d07
SHA1
44e61d92c10da340e7b27838e646e194bc943b84
SHA256
94977afc7ea0c51998b79d3f033d9efc65a3802d9a0b3fe454d73ebf639e71a0
SHA512
3df43b5de2f2d6ad892f4788cc135f5a269ede12f2a4df935a8ddf24403c3446f6ffd3bd2dc6cb3aa2adbd479140d0dd9979abc282f9d4f2e6b9100529dc8d48
Score
10/10