General
-
Target
file
-
Size
794KB
-
Sample
211207-3j53jagee7
-
MD5
bea6e79c11c3ba06596fd16b0fdbd30c
-
SHA1
34d8c2731a05c4bbc9ef2edb957d486b2ea4ebeb
-
SHA256
df2c4e358ea24ec4c2e266c90072e1740ed0f0d83c2d4c27d9fb674bcf02363a
-
SHA512
025c106dabf19eabe2bb27e9cb7cfb0f6645818e84a9303d30f4362de5294cbdaf11439e7d1f2f0d4725dc5628b920bf028d1f4fd278cce17508afaa28bb8ab8
Malware Config
Extracted
icedid
Extracted
icedid
1217670233
lakogrefop.rest
follytresh.co
roadswendy.top
inistratorilin.top
-
auth_var
23
-
url_path
/posts/
Targets
-
-
Target
core.bat
-
Size
182B
-
MD5
1d3eb65367170af44b8ce00a47841856
-
SHA1
bf38ff5068af724fee73ebcb87c7fb2a124dda88
-
SHA256
31fe4791afc1a720ab77f9eeda11409665a0642ec3b59faabd0aaddef35a8ea6
-
SHA512
a25d64c88e4fdbc4928d9a78e69b4499f21a971c6b3cbe416464a1cafcb753451b85f4b0a9b9e42706b89f623c8adab2b86548be7e72c3458136d3d386a79d42
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
-
-
Target
taste32.dat
-
Size
1.1MB
-
MD5
7a979e1c5469de59b0dbd467d4408243
-
SHA1
7a141f5923b4cf8214c190d7e04c402e191d20b7
-
SHA256
8cedd52d6a656389f12e1a7a278d6ce50552dbfea7d7e20e2eb6dcf529f1bcd6
-
SHA512
6d1acbfef7e7de12a0002abe6520f1f91fa40bed60ebb6625f243116abd653c2de6bb716570e420479cb9bc381d8939c978d59282646df6d478a9b7147cba3b0
Score1/10 -