General
Target: file
Size: 390KB
Sample: 211202-2myl7afed7
MD5: 3c67a89ba32f8869d29f60c59dcf3e3b
SHA1: bdb098e18bb3f39d44beaadaf70ec507d2265775
SHA256: 412a340385c3040dfbc50eea3a572f6eea0d659f5eaa6e45bee04827a6749464
SHA512: 66ccb6fb1ba53c6eacbbc7b909e7e45b99cb4c1d32c830d31d474fae46548854bc773ff636dd1104b112f96cc4491070ca73a94b312f3ef63c9030a4aaa0030c
Static task: static1
Behavioral task: behavioral1 (Sample: core.bat, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: core.bat, Resource: win10-en-20211014)
Behavioral task: behavioral3 (Sample: jacket-32.tmp.dll, Resource: win7-en-20211104)
Behavioral task: behavioral4 (Sample: jacket-32.tmp.dll, Resource: win10-en-20211014)
Malware Config
Extracted: icedid
Extracted: icedid
3412078469
billiwilli.top
zasewalli.fun
commerciallim.top
domalipfo.top
auth_var: 13
url_path: /posts/
Targets

Target: core.bat
Size: 186B
MD5: a18217c66f888e9ba03a1850b29948dd
SHA1: c8c9070b7f95b9c7db163de0132becba1b8345d4
SHA256: 96691d08242d35ab24a0f642d98e121ed9bd03051d4e0465924f0cd6b5e07514
SHA512: 76a8533ab61a7899a86364a259ffc46a73d577fe8a01018f113d1be7b331049dd88243c0afaeeac5c6f37fe70ed678a538e2809631718f4ddfc5010116b54ba4
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles

Target: jacket-32.tmp
Size: 115KB
MD5: f22f40ff1bc90d3c537f0f3ab2833022
SHA1: 117e3ee27b9b94ef482eb2788dc88a4b5b58ffad
SHA256: 1b3bb00e8340fbed698b4817efc16d3e0232a06a0a40dc4bd247b0dfb4bd5f20
SHA512: 05191e0c7fbea12fed9197174a11c2d8541596788cf93470647250cb238df87e6955fd3b10018d4fa022a42a274b596764365537d4a4761fb5c336368a9be52b
Score: 10/10