General

  • Target

    core.zip

  • Size

    382KB

  • Sample

    211104-s8qn2aghg4

  • MD5

    d3865da71a0c3405b9cf3b0635047217

  • SHA1

    9231f3db214b5328169bdac1db9fa409e52538dc

  • SHA256

    1b7dd10e893720eacb20354eb2873f2d219e0e1f57be1cae7af00f488aa669f8

  • SHA512

    2fb779b837029420ad7ae1002eb91db2b93d4ecae81044a6b27de79085a0efd04da5927c3cd2b4c3524b632886becb99e07e4e7d0c30ced743e47faf44f1c851

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

nnelforwfin.top

lakogrefop.rest

hangetilin.top

follytresh.co

Attributes
  • auth_var

    12

  • url_path

    /posts/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core/cmd.bat

    • Size

      191B

    • MD5

      4abc6fa88d816505d38bd81fc1bedad8

    • SHA1

      9d6076a565be4f1f621c85a69afdc0a14cc07290

    • SHA256

      8327701ebf41547606cc4fa1461609c40d9662a553f4baece4f6534cc5a94799

    • SHA512

      5d3359e5cc9308d681e3dad628caa2768aa7de1e3c4fb4a3588ae263a05f43d889f2b7e843f42c96ca1ac6bcb4fa53fe4b5dbf7d1636bda91fda6ce1eb801292

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used to load follow-on payloads.

    • Target

      core/pigeon64.dat

    • Size

      159KB

    • MD5

      de317e8f5ed28affbf38306925aa59a8

    • SHA1

      38f670fadedf06bf12243b74618c5e4461416a6f

    • SHA256

      b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef

    • SHA512

      c9b02fa7effaeba55d1f324da2557c210b04b031991b1909d85dde90fed162d3c3afa8325ec96cd52f306074def915bf7c99e361502fea920bb33f68f322abce

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used to load follow-on payloads.

    • Blocklisted process makes network request
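
The C2 domains and url_path from the Malware Config section and the SHA256 values from the General and Targets sections are the indicators a responder would hunt with. The script below is an added example (not part of the sandbox report) that matches those indicators against proxy log lines and against file content; the log format (timestamp, client, method, URL, status) and the sample log lines are assumptions constructed for illustration, not data from the sandbox run.

```python
"""Hunt for the IcedID indicators listed in this report.

Added example; the log lines below are constructed, not taken from the sandbox run.
"""
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the report's extracted config (C2, url_path) and file hashes.
C2_DOMAINS = frozenset({
    "nnelforwfin.top",
    "lakogrefop.rest",
    "hangetilin.top",
    "follytresh.co",
})
URL_PATH = "/posts/"  # url_path attribute from the extracted config
KNOWN_SHA256 = {
    "1b7dd10e893720eacb20354eb2873f2d219e0e1f57be1cae7af00f488aa669f8": "core.zip",
    "8327701ebf41547606cc4fa1461609c40d9662a553f4baece4f6534cc5a94799": "core/cmd.bat",
    "b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef": "core/pigeon64.dat",
}


def domain_matches(host: str) -> bool:
    """True if host is a listed C2 domain or a subdomain of one.

    Suffix matching is done on a label boundary so that look-alike names such
    as notfollytresh.co do not produce false positives.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def check_url(url: str) -> Optional[dict]:
    """Return a hit record if the URL points at a listed C2, else None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not domain_matches(host):
        return None
    # path_match flags requests that also use the beacon path from the config
    return {"host": host, "path": parts.path, "path_match": parts.path.startswith(URL_PATH)}


def hunt(log_text: str) -> list:
    """Scan whitespace-separated proxy log lines for contacts to the C2 domains.

    Assumed line format (constructed for this example): ts client method url status
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        hit = check_url(fields[3])
        if hit:
            hit.update(ts=fields[0], client=fields[1], method=fields[2])
            hits.append(hit)
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def identify_by_hash(data: bytes) -> Optional[str]:
    """Map file content to the report's artefact name if its SHA256 is listed."""
    return KNOWN_SHA256.get(sha256_hex(data))


# Constructed sample log (not from the sandbox run), in the format hunt() expects.
SAMPLE_LOG = """\
1636100001.123 10.0.0.5 GET https://lakogrefop.rest/posts/ 200
1636100002.456 10.0.0.5 GET https://www.example.com/index.html 200
1636100003.789 10.0.0.7 POST https://nnelforwfin.top/posts/ 200
1636100004.012 10.0.0.8 GET https://hangetilin.top/static/1.js 404
1636100005.345 10.0.0.9 GET https://notfollytresh.co/ 200
"""

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h)
```

Run the script as-is to see the three hits from the constructed log; to check files, read them as bytes and pass the content to identify_by_hash(). Matching the url_path separately from the domain is deliberate: a domain hit alone is enough to escalate, while a domain plus `/posts/` hit is a stronger sign of an active beacon.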
