General
-
Target
file
-
Size
382KB
-
Sample
211103-2ywa7scegp
-
MD5
d02776a7b7f83ac555f243de2d0589c1
-
SHA1
e7c81c5dbebebc6556fbd44824b2a4979b7e3ad6
-
SHA256
f41a60c5baf401288c752ede491b0a0e7e0accab5919b63eef95d587b9f9e55e
-
SHA512
9379744a4a244bccd9fccbdbda2bc088af4d859f5e5fd43e612e774bbdef6860e7e37fbeb9abf856ca9cc8d064c5403645d0f3b91806ed736bde87ae3ba94633
Malware Config
Extracted
icedid
Extracted
icedid
1217670233
nnelforwfin.top
lakogrefop.rest
hangetilin.top
follytresh.co
-
auth_var
12
-
url_path
/posts/
Targets
-
-
Target
core.bat
-
Size
184B
-
MD5
2b4f27b826aec08eb90ff784b25d048d
-
SHA1
b1444548b53ec112797cc7d03a1e227fe71315ca
-
SHA256
b976471778c3abead8001c5a7db7d39b461e88bbd5322a579d86c1ca725375fb
-
SHA512
d6316825b5372e445941b75b08b04aaee49bab12d752dba4691aac8093100d1632a1b07e6b7d6899c528e6777f0bcfcd977e02a7f8d559b29e205703f573d434
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
-
-
Target
pigeon64.dat
-
Size
159KB
-
MD5
de317e8f5ed28affbf38306925aa59a8
-
SHA1
38f670fadedf06bf12243b74618c5e4461416a6f
-
SHA256
b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef
-
SHA512
c9b02fa7effaeba55d1f324da2557c210b04b031991b1909d85dde90fed162d3c3afa8325ec96cd52f306074def915bf7c99e361502fea920bb33f68f322abce
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-