Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10_x64

10

unit-x64.dll

windows7_x64

10

unit-x64.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    357KB

  • Sample

    220129-rjaqvaccg2

  • MD5

    83f6d682c1fa3d9d54a0c8cd0ad64712

  • SHA1

    4bf9f2efa93d05111d0a8865776174c0c8c64513

  • SHA256

    8e5bdda89c8ce1942f5e2292f97dbcbcd6ac54f09d24d74a4bd67355eb46e669

  • SHA512

    5257862e16b2b6711277db70b84d8936a3c56b7e3281f3a6f8e0f02b425495cb7b7b4d6e014631b7eb97447754a854cb28cf29c40020b33fae9a361c9e24bd9c

Score
10/10
icedid3415411565bankercollectionspywarestealertrojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com
Attributes
  • auth_var

    1

  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core.bat

    • Size

      184B

    • MD5

      44c632173b60e370595d1079183a06c0

    • SHA1

      64cb76c484c6afa3585aea4a1ba68239d3d13584

    • SHA256

      1590cfe165f4f1791fa0b2cfb969d9841effa3183c7c7c4207b0bb201674183c

    • SHA512

      d4d1bf870a52658e91e1af57149e4ca53b9fda4b49145b8b67721fa9774d5c05a92b4b420e349177a96fad6b18b612620aaec401f9e383fb545467e5b4bd9330

    Score
    10/10
    icedid3415411565bankertrojancollectionspywarestealer

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

    • Target

      unit-x64.dat

    • Size

      165KB

    • MD5

      0d82711ad2aa1c1f368044d5354ebe0c

    • SHA1

      b583791d4a9b0555bcacfc96cb0a1fdc68a8a120

    • SHA256

      4ea68de6023502f381034d45795cdfb8eb9d0cd19b8d4b94922075e004d78da7

    • SHA512

      7ae015a8ea5c3116a607bb6aa7a525b6d08c916102f3da555efbccacdcfa67d88444447a8b4fb4f2648e7de4c9e11334e99326b581f1820cabf034d3f0373703

    Score
    10/10
    icedid3415411565bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks