General
Target: file
Size: 389KB
Sample: 211104-vfdj4sebhn
MD5: 44e4237c2a851ebecb32d284ae33ee09
SHA1: 623b44ed2d5ce68b60353a1d8f44dc03badf25fe
SHA256: d5e57e4e2a3910ab28632471233faf5faae4e52f412a7058844683231fe1621d
SHA512: 146c06be963aac3bd1d3b3f5a1341774b373a9ce491de8efc3bb3e818eae6926c1b2de505d5cb79952f5e7f707dae5231e2a0a17487b21cc24d51fcaaf1109a7

Static task: static1

Behavioral task: behavioral1
Sample: core.bat
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: core.bat
Resource: win10-en-20210920

Behavioral task: behavioral3
Sample: juice_64.tmp.dll
Resource: win7-en-20210920

Behavioral task: behavioral4
Sample: juice_64.tmp.dll
Resource: win10-en-20211014

Malware Config
Extracted
icedid
1217670233
lakogrefop.rest
hangetilin.top
follytresh.co
novemberprosse.space
auth_var: 13
url_path: /posts/
Extracted
icedid

Targets

Target: core.bat
Size: 184B
MD5: 00d922001e1ea040454c350b63619bd3
SHA1: b45abf4e6fe04d5e15514138ec4e5e020af0980d
SHA256: 3b06cc4363bbc2dc5ec736e73b7807ac1beedd5bb8d08076f74736df17655157
SHA512: 0de1ec67e3dfb55e89b309c0225da6f4db986eaa1cb4c0fd3b30526e594e74132cef82813e0201425a6aa0a8ed69dce4ca8f1ff8555433d5b68fad71b263aa6f
Score: 10/10
Blocklisted process makes network request
Loads dropped DLL

Target: juice_64.tmp
Size: 183KB
MD5: 04b4919555e2a4917a88ab1333e63faf
SHA1: 54ddab99969c284c87553dcab7c81894571032d8
SHA256: 637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc
SHA512: e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9
Score: 10/10