Resubmissions

  • 22-02-2022 16:11: 220222-tmycesahb3, score 10

  • 22-02-2022 16:10: 220222-tmvxasbhfm, score 10

  • 17-02-2022 17:57: 220217-wj3h3scgd9, score 10

  • 17-02-2022 15:34: 220217-sz1gwacehj, score 10

General

  • Target

    file

  • Size

    688KB

  • Sample

    220217-wj3h3scgd9

  • MD5

    1476db37133a4ee13c06ccf8535cbcaf

  • SHA1

    a2291667ddc83ca261ac06b7d96d617f24239ec9

  • SHA256

    53ae67abfc5065a0a7a9d1e7045d06496dc7aa7c6eabd851514a457d3e7f0e61

  • SHA512

    62e76ba0109372de92ee290c746a6d5564d32bb0a972de706be630b19451cc25d2e6dbf3018ee8136cc4f53d26fedbfddce95871910f7804b78636fcf9ec934d

Score
10/10

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core.bat

    • Size

      184B

    • MD5

      58bf5ed00d983d8269d9f2e31e6586e8

    • SHA1

      664e4ea375e9066d82e7d3baa167f0bb024a7c1f

    • SHA256

      22adba0cadd8772ecf2190561fe86e9ad8609b01783a90c8f9635fd1dcba872c

    • SHA512

      68688d606733f4844fcaeff76b7b3577739b008ba8fd93f28b23999a81f42ae417938245bd9f620c15161ec085dd3de7b51c016526ea3109dcbb142f0f5cdc14

    Score
    10/10

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Target

      grunt_64.tmp

    • Size

      570KB

    • MD5

      35295c028c8428948a92043156679447

    • SHA1

      a8ab397f5d7e50ddddde8923af0b57e68adee9bb

    • SHA256

      3f5d8249fb461ab74dfe7d88a7c5f1f2e46521a8c02173767ec3e02c990a723a

    • SHA512

      471447f23291fcf12930d2b533de60dc29453315414ea29b46d092d908d72d990fce3c5f541d1b47eaa96c16c8b197c8280cc52ad978c57b4e3066fff4b8bfb4

    Score
    4/10

MITRE ATT&CK Enterprise v6

Tasks