icedid | 219503ea9a72bfecd77da975355ec88a16e8fea6d9a03ff7cb76c8f573db7a75

Sharing

General

Target

30e382a6a16549580c28d59e8b2e48d2.exe
Size

217KB
Sample

211110-nc6cdsghd3
MD5

30e382a6a16549580c28d59e8b2e48d2
SHA1

337ea7adc36ddbdce5a40ae5ef86c00231dc469b
SHA256

219503ea9a72bfecd77da975355ec88a16e8fea6d9a03ff7cb76c8f573db7a75
SHA512

1ed53bb1fe48aaf0417e89d80b3144db87cd44d1c322c837bd30ccb9e763ac72a66f2e4927c856a20ab7c986368fc6b48e93167828d9abf909d40f82371bdfd3

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

http://nalirou70.top/

http://xacokuo80.top/

http://nusurtal4f.net/

http://netomishnetojuk.net/

http://escalivrouter.net/

http://nick22doom4.net/

http://wrioshtivsio.su/

http://nusotiso4.su/

http://rickkhtovkka.biz/

http://palisotoliso.net/

rc4.i32

Extracted

Family

redline

Botnet

new3

93.115.20.139:28978

Extracted

Family

redline

Botnet

SuperStar

185.215.113.29:36224

Extracted

Family

icedid

Botnet

1217670233

lakogrefop.rest

hangetilin.top

follytresh.co

zojecurf.store

Attributes

auth_var
14
url_path
/posts/

Extracted

Family

raccoon

Botnet

8dec62c1db2959619dca43e02fa46ad7bd606400

Attributes

url4cnc
http://telegin.top/capibar
http://ttmirror.top/capibar
http://teletele.top/capibar
http://telegalive.top/capibar
http://toptelete.top/capibar
http://telegraf.top/capibar
https://t.me/capibar

rc4.plain

Extracted

Family

redline

Botnet

102

185.92.73.142:52097

Extracted

Family

redline

Botnet

pub3

185.215.113.46:80

Targets

- Target
  
  30e382a6a16549580c28d59e8b2e48d2.exe
- Size
  
  217KB
- MD5
  
  30e382a6a16549580c28d59e8b2e48d2
- SHA1
  
  337ea7adc36ddbdce5a40ae5ef86c00231dc469b
- SHA256
  
  219503ea9a72bfecd77da975355ec88a16e8fea6d9a03ff7cb76c8f573db7a75
- SHA512
  
  1ed53bb1fe48aaf0417e89d80b3144db87cd44d1c322c837bd30ccb9e763ac72a66f2e4927c856a20ab7c986368fc6b48e93167828d9abf909d40f82371bdfd3
Score

10^/10

icedid raccoon redline smokeloader 102 1217670233 8dec62c1db2959619dca43e02fa46ad7bd606400 new3 pub3 superstar backdoor banker discovery infostealer persistence spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

IcedID, BokBot

Raccoon

RedLine

RedLine Payload

SmokeLoader

Core1 .NET packer

Downloads MZ/PE file

Executes dropped EXE

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2