General
-
Target
file
-
Size
380KB
-
Sample
211118-1h3vnsagh5
-
MD5
2ee69fa8d438e09843677ddf714b1a74
-
SHA1
bcb8406af5e6287160406c79f7d257724c265754
-
SHA256
15e48916e0b93a31833124bf9229ed65cd8a4194bfd77c1f81fba8ea8de14462
-
SHA512
4e4d008740c01b525df63e49481bb9c15c130c58ed47d08c2eda2d8957863c03e02c6d9f3f07644810355e669dd6a2e161822a4a553ce1915a049ea595e06294
Static task
static1
Behavioral task
behavioral1
Sample
core.bat
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
core.bat
Resource
win10-en-20211014
Behavioral task
behavioral3
Sample
tankx64.dat.dll
Resource
win7-en-20211104
Behavioral task
behavioral4
Sample
tankx64.dat.dll
Resource
win10-en-20211104
Malware Config
Extracted
icedid
Extracted
icedid
2237127122
lokidasterreno.site
onmentalsocio.top
burgomustopr.rest
lopityr4.pw
-
auth_var
2
-
url_path
/posts/
Targets
-
-
Target
core.bat
-
Size
182B
-
MD5
63576ba479ae61e2de46ac073ca881aa
-
SHA1
4b6b8bee793ebd7adcd83203592d7864221378aa
-
SHA256
754e8df4cf961cbc099177d841f6acbfaf8662142a0e4428e175d27e8d518adf
-
SHA512
cd9a0a936a60e746cd429ac292fa803c5a3bfb5d5a3862d3d4c5b798539e9a21c5ddb4205cc6e83de2fb7800dc05275f90cfa9975346b9ab6f4bd3c271e8c884
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
-
-
Target
tankx64.dat
-
Size
68KB
-
MD5
29780ffeeb8ec97a14cc30b66e59dd48
-
SHA1
d12c4fcdd718a5aa6166db868b969481feddd5ec
-
SHA256
c9030ecdef873b6a72452bfdbe2ced84e96ba065af335da91bcb75369e945c1a
-
SHA512
851f2547bc5ecc672a1510291062b68cbd17245fc4ec76441b5dded99307403c89bd0cb204a901a8b0be09e71bca92e0846f67d58b0d68ee29f7d94aa67c77b1
Score 10/10