General
Target: file
Size: 634KB
Sample: 220222-tn8jsacaam
MD5: 73f9531c33a8ee75d2a6eedc32835cab
SHA1: a07d1c2014e849d040047f3cee46e1613df253fc
SHA256: e3b85363035e80c9fb11e3d517a8e253ccf062cf765c4910152b6214e62bf5a9
SHA512: f73ca99f0fd5aaa903a1b8047bf788fbdc64fdbcbbf3101319268d4911584be4156e5c108fa0ad8a8db03077a781b3044c81f1276c5ca9bd5e7a934c83338e59
Static task: static1

Behavioral task: behavioral1
Sample: core.bat
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: core.bat
Resource: win10v2004-en-20220112

Behavioral task: behavioral3
Sample: resource-32.dll
Resource: win7-en-20211208

Behavioral task: behavioral4
Sample: resource-32.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted
icedid
1892568649
baeswea.com
bersaww.com
biglaneat.com
northspaceline.co
auth_var: 11
url_path: /news/
Extracted
icedid
Targets
Target: core.bat
Size: 190B
MD5: c8afb0bf0f2192b0cb15807173baf59d
SHA1: 31fb3103ad4f4bb2ba0e83a8dfc74203e60257a3
SHA256: 3bc22c6d962d54431d09f4a426694c71c976d7a38ce2c878f08905aca32f3106
SHA512: 4ba3c2e2582fcadae32337e40611b8e66988c4aa0f781fb049bf65f8e32b4a6ae50b566edb2d3e0f95a398433f9dae3943550d349c8357d57dc10bd9018a0fb8
Score: 10/10
Blocklisted process makes network request
Target: resource-32.dat
Size: 884KB
MD5: 61f14eb7ddb2d867ca61dec75135a3b9
SHA1: f0651504c36b3085359b70cd41d00b6f43980568
SHA256: 33c3bf2de3373f167c8eedf46036647fa7c69b3d25ded9748f000c44b08b0e31
SHA512: 84ce440dc726c252fe82b92164774fa6dd5deeaf47939e4ac3c65715b958275a4240bd26ed3d86c2e24daa7f78ef0f4efb9d675be188f090ed259aa4f9d80893
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess