General

  • Target: file
  • Size: 389KB
  • Sample: 211104-vfdj4sebhn
  • MD5: 44e4237c2a851ebecb32d284ae33ee09
  • SHA1: 623b44ed2d5ce68b60353a1d8f44dc03badf25fe
  • SHA256: d5e57e4e2a3910ab28632471233faf5faae4e52f412a7058844683231fe1621d
  • SHA512: 146c06be963aac3bd1d3b3f5a1341774b373a9ce491de8efc3bb3e818eae6926c1b2de505d5cb79952f5e7f707dae5231e2a0a17487b21cc24d51fcaaf1109a7

Malware Config

Extracted

  • Family: icedid
  • Botnet: 1217670233
  • C2:
    • lakogrefop.rest
    • hangetilin.top
    • follytresh.co
    • novemberprosse.space
  • Attributes:
    • auth_var: 13
    • url_path: /posts/

Extracted

  • Family: icedid
  • rsa_pubkey.plain

Targets

    • Target: core.bat
    • Size: 184B
    • MD5: 00d922001e1ea040454c350b63619bd3
    • SHA1: b45abf4e6fe04d5e15514138ec4e5e020af0980d
    • SHA256: 3b06cc4363bbc2dc5ec736e73b7807ac1beedd5bb8d08076f74736df17655157
    • SHA512: 0de1ec67e3dfb55e89b309c0225da6f4db986eaa1cb4c0fd3b30526e594e74132cef82813e0201425a6aa0a8ed69dce4ca8f1ff8555433d5b68fad71b263aa6f
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Loads dropped DLL

    • Target: juice_64.tmp
    • Size: 183KB
    • MD5: 04b4919555e2a4917a88ab1333e63faf
    • SHA1: 54ddab99969c284c87553dcab7c81894571032d8
    • SHA256: 637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc
    • SHA512: e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks