Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

resource-32.dll

windows7_x64

1

resource-32.dll

windows10-2004_x64

10

Resubmissions

22-02-2022 16:13

220222-tn8jsacaam 10

18-12-2021 11:29

211218-nl142affhq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    634KB

  • Sample

    220222-tn8jsacaam

  • MD5

    73f9531c33a8ee75d2a6eedc32835cab

  • SHA1

    a07d1c2014e849d040047f3cee46e1613df253fc

  • SHA256

    e3b85363035e80c9fb11e3d517a8e253ccf062cf765c4910152b6214e62bf5a9

  • SHA512

    f73ca99f0fd5aaa903a1b8047bf788fbdc64fdbcbbf3101319268d4911584be4156e5c108fa0ad8a8db03077a781b3044c81f1276c5ca9bd5e7a934c83338e59

Score
10/10
icedid1892568649bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co
Attributes
  • auth_var

    11

  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core.bat

    • Size

      190B

    • MD5

      c8afb0bf0f2192b0cb15807173baf59d

    • SHA1

      31fb3103ad4f4bb2ba0e83a8dfc74203e60257a3

    • SHA256

      3bc22c6d962d54431d09f4a426694c71c976d7a38ce2c878f08905aca32f3106

    • SHA512

      4ba3c2e2582fcadae32337e40611b8e66988c4aa0f781fb049bf65f8e32b4a6ae50b566edb2d3e0f95a398433f9dae3943550d349c8357d57dc10bd9018a0fb8

    Score
    10/10
    icedid1892568649bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      resource-32.dat

    • Size

      884KB

    • MD5

      61f14eb7ddb2d867ca61dec75135a3b9

    • SHA1

      f0651504c36b3085359b70cd41d00b6f43980568

    • SHA256

      33c3bf2de3373f167c8eedf46036647fa7c69b3d25ded9748f000c44b08b0e31

    • SHA512

      84ce440dc726c252fe82b92164774fa6dd5deeaf47939e4ac3c65715b958275a4240bd26ed3d86c2e24daa7f78ef0f4efb9d675be188f090ed259aa4f9d80893

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks