Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

disagree_64.dll

windows7_x64

10

disagree_64.dll

windows10-2004_x64

10

Resubmissions

22-02-2022 16:13

220222-tn54naahe4 10

16-12-2021 20:28

211216-y9dzhschb2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    386KB

  • Sample

    220222-tn54naahe4

  • MD5

    71d5b8c8428f8e2d49d622a278bc0f9b

  • SHA1

    6670e41ef8d4c2009e2724afb68bf3a4c8dde74d

  • SHA256

    4a1e79e6833daa66920cf392b5d8824c974f949b8cf030f84c7cdd614a7593e4

  • SHA512

    17db1352f21e0403c175c221a0d9401ac959a6f6cd34bf6a10c8ea88fd3e72a7d9ec30ca560717b8fc57e583be0c6941ed7c027309c8d8a3dd39cc0b60925a0c

Score
10/10
icedid3106999479bankertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3106999479

C2

balliordan.com

oprenfirst.com

loremurs.com
Attributes
  • auth_var

    17

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      190B

    • MD5

      b371a32954a65fd25242c7bc6ee7d016

    • SHA1

      7b578f9159af52d1d28cfaf51d98dfe981ecf051

    • SHA256

      4b9de41732720ad65ebc31cdefd50c4586dfac2fbdd7cd572212ecfacadad78e

    • SHA512

      dced839b0fd50d9e20a8781e1c81f366361a4e3471b61253ac999e160acd144bc2799f6e907cca31dad129fee9a5831bb820f0076524e57f3dc3174e325d8a7c

    Score
    10/10
    icedid3106999479bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      disagree_64.dat

    • Size

      103KB

    • MD5

      6837a588065ef9365f0aea36f5d55d87

    • SHA1

      c2cfda21f94897fbde9860f2aa52226666861afe

    • SHA256

      b633239177bf929bcd2a9f043afa4e372d310d100eed7512733091f2e8a39371

    • SHA512

      83d70ae29404145e73fde3df503204c47601545189df2e6c9887d6eaa2081d59c54b96784772f036807883e3300d95fb3ff7f0045fbc37e079142f153d80a9fa

    Score
    10/10
    icedid3106999479bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks