General
Target: file
Size: 390KB
Sample: 211201-p6157sfcc6
MD5: 1c7fdb0b5b9d235e494cea58137f3c53
SHA1: 0b95828440971694da3ecd0cb10723502897cf53
SHA256: 6c5a79a54cb680ed06f1a057facbeb78088e9c28870a96b015856e490b718d10
SHA512: f9a3f3e4efbadcdaed845581b572dc03d6cc12a9a918a3a84223b1862ec76f9b37db8407a10f4c29c13a72f9d3b431f5fae748105ea024e146397bd8fa42499d
Static task: static1
Behavioral task: behavioral1
Sample: core.bat
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: core.bat
Resource: win10-en-20211104
Behavioral task: behavioral3
Sample: excuse64.dat.dll
Resource: win7-en-20211104
Behavioral task: behavioral4
Sample: excuse64.dat.dll
Resource: win10-en-20211014
Malware Config
Extracted: icedid
Extracted: icedid
1892568649
baeswea.com
bersaww.com
auth_var: 10
url_path: /news/
Targets
Target: core.bat
Size: 184B
MD5: 3d8324a955312a7ffcb44b35919f59c7
SHA1: 9fd77adcf0405680c06963c576e192c58561ca5d
SHA256: 743953ecd93245846c2c8b44b9d6c7c5a7a98cba40631102ed5f77d9189df934
SHA512: deb56530f203f064e7b8c65ae361185d1c734ba3d542f9e47f33224898e6426c918bf860951f4c6c6a51c56ebf328e7b1067ee9494d97e189ee2adc5890c6fbe
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
Target: excuse64.dat
Size: 113KB
MD5: 536632a5b6a1cc4b633a4ac6cbbc50d2
SHA1: 2657fbe364ed295c49beece438a9d37c2f0469dd
SHA256: 2e71372399e5856b9905a9ca13815ab6a0ab8925a2f8a0b0831b17e5b55ec0f3
SHA512: bed289efdb8bfcd68d44d2cb13f0430e6780476a208ada4258f1dacf492c46336da295e4690f2b691793610e124d29bee5444af4aeeaadc9a6e6e094e7d4b87f
Score: 10/10