Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

scorpionx64.dll

windows7_x64

10

scorpionx64.dll

windows10-2004_x64

10

Resubmissions

22-02-2022 16:11

220222-tnddmsahb8 10

19-01-2022 18:29

220119-w5ap7accep 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    343KB

  • Sample

    220222-tnddmsahb8

  • MD5

    110ec3c48f1d9f8341e0e506c9e6d183

  • SHA1

    0a2c1805e6429c9c103e787596459e5ebeec7dc1

  • SHA256

    b635b49555c431f9c58a52d54007b140dc969245f5a821395c5d0b77e1ba3e7d

  • SHA512

    a44f285e6d5ab4c07061455b35ec48ea24339006d07beac333afd42304cdc594d3b35546ea8640c7bdf3b40fa3b93a9452fcc15ad2690427119c021e11ab7d5b

Score
10/10
icedid3415411565bankercollectionspywarestealertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com
Attributes
  • auth_var

    1

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      190B

    • MD5

      5643357071a13383cebbfba6badd3f5c

    • SHA1

      73489b25328d8ccf3e6a3d4e9875053f42aec325

    • SHA256

      d0f5468b19c1f1a8fc73ce4ff44543bb6806c6e4061420c91913d8de89eca022

    • SHA512

      89d780d4f900f49e9b3987924f9e3439b2f500af41a085f612a64e78b7452b89c9b110c563e514b9c484730a509b84e4ea568d58193f325f66a500c6db969f61

    Score
    10/10
    icedid3415411565bankertrojancollectionspywarestealer

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

    • Target

      scorpionx64.tmp

    • Size

      26KB

    • MD5

      8f622f91a72606fb416bd018ebab2a89

    • SHA1

      11570558833ec1e2243fb12d669758e25c85a873

    • SHA256

      7069a8c1c21038a55d8b7c550696198d128cc30965830bada326fc0453fa0580

    • SHA512

      1814c989cf707eb0edcd97971ed3f981a2468ee1f8f0b740922dd1ba0a8a8f7fb6cf9d4c93404013207f2ba593377668234f4f8faa4b855feece4360dda7ec0a

    Score
    10/10
    icedid3415411565bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks