General
- Target: file
- Size: 390KB
- Sample: 211202-nzmhssagg9
- MD5: 32185dabfe78a1b329aaa9454851631b
- SHA1: 503d6f41c361b9e4148162e98067b962a394135c
- SHA256: d4f52ddbdadca2e2efc4e63e2349fdf981326136ec07df787773385d6c87b32a
- SHA512: 2a3886291168f2eecd35c70d152d927a7601d4326a42711bfec9fa4e02f988b47968ca02f566238564bab8c5086ad641884a2aaceb84118adae035067f4db1da
Static task: static1
Behavioral task: behavioral1
- Sample: core.bat
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: core.bat
- Resource: win10-en-20211014
Behavioral task: behavioral3
- Sample: slab-64.tmp.dll
- Resource: win7-en-20211104
Behavioral task: behavioral4
- Sample: slab-64.tmp.dll
- Resource: win10-en-20211104
Malware Config
Extracted
icedid
Extracted
icedid
1892568649
baeswea.com
bersaww.com
- auth_var: 10
- url_path: /news/
Targets
- Target: core.bat
- Size: 182B
- MD5: 9971f78ab71eb0c8d677c1b523124816
- SHA1: 12c6e3c61f4838e50e19f07f1104406b945967f2
- SHA256: fd567d9be6ce504ef6180c9f970c6b2f8de32ded5a0d5c59f0cc8d36ebb2caa7
- SHA512: 104e4795fdca25f50db9a5965711551d7d201a8b4073862f97ba5ac4e21c5e3cbf6860d19885af16d1265a9b2f9ec5e047db635d251316d899b2681ac734da61
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles

- Target: slab-64.tmp
- Size: 124KB
- MD5: e53f86eb06a67783781202b471580c82
- SHA1: dc541cee7c0b810da890fa3ea0923599140a1561
- SHA256: 0a795eb53d21799c975e4f4c0ca3817960d85278faec68a04882216f1e3a3020
- SHA512: 175243cc7ec631c3128d7fc7c53244e7f8c2abe878393569746b57bea12a04005fb0734170e738384a60e14322eec1ee7ddd5d1661e62ba469a547592b4d197f
- Score: 10/10