Resubmissions

05-11-2021 17:23    211105-vx8rkscdc2    10
05-11-2021 17:22    211105-vxp98shfam    10
05-11-2021 15:51    211105-taygnacbg7    10

General

  • Target: core.zip
  • Size: 389KB
  • Sample: 211105-taygnacbg7
  • MD5: 784c1596fdb801ea4932fdea366880f7
  • SHA1: d60411ea2a461f0f178df0d54b86aa8dd2fb26f1
  • SHA256: adb765a241be6fcab34cc7713fb7dfc60357238979d3a614f1ac24b23ed9f147
  • SHA512: 7b1bd6397309b91cc563c3857f92ec6b2acfe9ed181ad4eb2b08bbe7d59e7acb2920bdf35c85556c811e6d1c308a4b7b16171be3614fa4e0c9bd7606110bbb20

Malware Config

Extracted
  • Family: icedid
  • rsa_pubkey.plain

Extracted
  • Family: icedid
  • Botnet: 1217670233
  • C2:
      lakogrefop.rest
      hangetilin.top
      follytresh.co
      novemberprosse.space
  • Attributes:
      auth_var: 13
      url_path: /posts/

Targets

    • Target: core/cmd.bat
    • Size: 191B
    • MD5: cbf387299b88a84f4f6a489cb03991fa
    • SHA1: 82473cfc0772307332792985c7c48e70ace771e0
    • SHA256: 4b7784db765747109d7b64d3e272ddfc16c876698d778bffec4fd9751d3d246e
    • SHA512: 21ca0de188fa1f8d90dc68b091ddaa64a4e602e7b2aef7de004d3aff72dd888abcf504b4482bbd7a55d3f62a63a42569362a51f57c867a2551f4640bcd5ec556

    Signatures
    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses Microsoft Outlook profiles

    • Target: core/juice_64.tmp
    • Size: 183KB
    • MD5: 04b4919555e2a4917a88ab1333e63faf
    • SHA1: 54ddab99969c284c87553dcab7c81894571032d8
    • SHA256: 637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc
    • SHA512: e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9

    Signatures
    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Command-Line Interface (T1059): 1

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • System Information Discovery (T1082): 3
  • Remote System Discovery (T1018): 1

Collection
  • Data from Local System (T1005): 1
  • Email Collection (T1114): 1

Tasks