General
Target: file
Size: 390KB
Sample: 211130-w9l9safhdn
MD5: 01e9c5943cda870d4cc0ce19a1b3499f
SHA1: f9635a6cf58ca012330f77f9acc4fb4c7a80c1ff
SHA256: 42c0472e0b339aa985294f023b09df0fcae3c1bdc4760bbd0a39e749a2972df3
SHA512: 01df1ee635641237292bfa0acb31b4fd93be36eec1b86ea5c6a79421068ea70ed5e23c3e5cf92d15ae249204445a6427fc29baffefa9d021fbac4ff13197d0ac

Static task: static1
Behavioral task: behavioral1 (sample: core.bat, resource: win7-en-20211104)
Behavioral task: behavioral2 (sample: core.bat, resource: win10-en-20211014)
Behavioral task: behavioral3 (sample: middlex64.dat.dll, resource: win7-en-20211104)
Behavioral task: behavioral4 (sample: middlex64.dat.dll, resource: win10-en-20211104)

Malware Config
Extracted: icedid
1217670233
lakogrefop.rest
hangetilin.top
follytresh.co
roadswendy.top
auth_var: 18
url_path: /posts/

Targets

Target: core.bat
Size: 186B
MD5: 94945bb60fcf9ff32481147e47dfc747
SHA1: de3857dff6082d22de36c77968167d157a4e1352
SHA256: dffb0976f376bd528e228b195d5eba41acb3a5a6adf2acf7dc5463d6ff91da6f
SHA512: 1b090a1ceff4fbd41a1a7ab263f40efa6e38db138a9764e60872647eec384676553e391e2d18418dad5d65b611ef374476a8c0de0d9e3b351e0a4619f75b4d28
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles

Target: middlex64.dat
Size: 119KB
MD5: e5407acfe1ba6b264851752751bfdfc7
SHA1: 7534d5b6a43064cfd1677091ad39ac7b6099b292
SHA256: ed4d19d3536e4c968425769edfad39459e7edf3ae7bc0246cc2163f656e85d68
SHA512: b470f9e2721b008e7fef10069443082f70f04f200dccad3166d3f7252aa98ba9cf7649201651c5e65f33c3e6bdd6ee2279a0500c4bc34aea304513ac442658fd
Score: 10/10