Overview

overview

10

Static

static

also_x64.dll

windows7_x64

10

also_x64.dll

windows10-2004_x64

10

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

Resubmissions

22-02-2022 16:13

220222-tn221acaak 10

21-12-2021 17:49

211221-wd1sasfadr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    389KB

  • Sample

    220222-tn221acaak

  • MD5

    ca49ed6b727f85eba55c3d7a60f17c51

  • SHA1

    f4ae97d6aaccdf902b5fe3278ce87e3894a29bda

  • SHA256

    28f0952a7b23d7c54ee3b7f2b093d5c134a4ddda4b893901f60b08f6fe9670af

  • SHA512

    3408d2dd68134d61632626b1be6d4653c6e16538bab6f691d398d1beffd8e636532a56863df41934b81dac98add280b9c53889844c1f93eed28843827a4413ef

Score
10/10
icedid1892568649bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co
Attributes
  • auth_var

    11

  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      also_x64.tmp

    • Size

      111KB

    • MD5

      b5f6cf31669b934da14ffa6fddf5dd3e

    • SHA1

      a09b486da87cf834b57dfe955605d6cc7a8df0f1

    • SHA256

      a32eae0d939f077c13c8f96e59e7c03fc3256f17992b11fcf7df81041fa156ee

    • SHA512

      3bef955dcb84029859955af1bb0b9c6b68371306367a628c110076d747373e6ead51f84fa9191d5ceac4c2c7e217c2d462df1e539411ab41bb4181d8662f63bd

    Score
    10/10
    icedid1892568649bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

    • Target

      core.bat

    • Size

      184B

    • MD5

      b7ec191dc893eecebe9c5f00a22841d1

    • SHA1

      f2a6880355d5ef26dd09158b9d5f73281626c755

    • SHA256

      0f4d1dc0f519b8f0111aa1c1cb0827328a0cdb265e8ec3c0e130e0707e61556e

    • SHA512

      2f275e5c5b290c016d1b2c8b66d0b837fa93c94f1651d368fef2b01703accf1e0241afc5906ce1531fe5d34b4523c77f219629f62f9cac665b3095aa4864cf29

    Score
    10/10
    icedid1892568649bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks