Overview

overview

10

Static

static

core/cmd.bat

windows7_x64

10

core/cmd.bat

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    core.zip

  • Size

    685KB

  • Sample

    220218-vsggjacga7

  • MD5

    22d90a67dd155b186a50e9fcc140c6c2

  • SHA1

    6f5f791e334bfab40f1feef3f99144da969da94e

  • SHA256

    e903d91fbb20cdc5aa801a6e8e6908c3d5611afb7415942a5b15f2c6871afceb

  • SHA512

    1b5defdb5c52f922f79a13a08e13e0499fe9650f246a5e75a9f24fb93fd21b08319ec7df8417036032f0f93887fb68abe8428ab8f262c782bd5c59b074626b8e

Score
10/10
icedid3560182600bankercollectionspywarestealertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com
Attributes
  • auth_var

    2

  • url_path

    /news/

Targets

    • Target

      core/cmd.bat

    • Size

      190B

    • MD5

      f22a14911b4f160eac74e4df6d950efe

    • SHA1

      d68827638e8dd21f4da5814979d0c835a6a0fb79

    • SHA256

      663f8c98f7866d7150385adec8725544d8b95481b6e04a040cf8ff93d5eef50c

    • SHA512

      d005b35a3d8ec481a562c0439e4b8a4e618cfadb07b6d9ff47ef8ba45466699262e134a7dc69febcbca95e0f3e8b08a66644aebcb3ae1174bce5cec2b61dc864

    Score
    10/10
    icedid3560182600bankertrojancollectionspywarestealer

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks