Resubmissions

05-11-2021 17:23

211105-vx8rkscdc2 10

05-11-2021 17:22

211105-vxp98shfam 10

05-11-2021 15:51

211105-taygnacbg7 10

General

  • Target

    core.zip

  • Size

    389KB

  • Sample

    211105-vxp98shfam

  • MD5

    784c1596fdb801ea4932fdea366880f7

  • SHA1

    d60411ea2a461f0f178df0d54b86aa8dd2fb26f1

  • SHA256

    adb765a241be6fcab34cc7713fb7dfc60357238979d3a614f1ac24b23ed9f147

  • SHA512

    7b1bd6397309b91cc563c3857f92ec6b2acfe9ed181ad4eb2b08bbe7d59e7acb2920bdf35c85556c811e6d1c308a4b7b16171be3614fa4e0c9bd7606110bbb20

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

novemberprosse.space

Attributes
  • auth_var

    13

  • url_path

    /posts/

Targets

    • Target

      core/cmd.bat

    • Size

      191B

    • MD5

      cbf387299b88a84f4f6a489cb03991fa

    • SHA1

      82473cfc0772307332792985c7c48e70ace771e0

    • SHA256

      4b7784db765747109d7b64d3e272ddfc16c876698d778bffec4fd9751d3d246e

    • SHA512

      21ca0de188fa1f8d90dc68b091ddaa64a4e602e7b2aef7de004d3aff72dd888abcf504b4482bbd7a55d3f62a63a42569362a51f57c867a2551f4640bcd5ec556

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Target

      core/juice_64.tmp

    • Size

      183KB

    • MD5

      04b4919555e2a4917a88ab1333e63faf

    • SHA1

      54ddab99969c284c87553dcab7c81894571032d8

    • SHA256

      637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc

    • SHA512

      e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks