Resubmissions

  • 22-02-2022 16:12  220222-tnhclaahc3  10

  • 17-01-2022 15:06  220117-sgt75sagf7  10

General

  • Target: file

  • Size: 346KB

  • Sample: 220222-tnhclaahc3

  • MD5: 38d9e7067038bc4e78f47231e905c9b1

  • SHA1: 5c81bb71384b847c92ee922bc7e9e5039963366b

  • SHA256: 1dfd99a229d515f8223d61326dae02b6e8344136698e99ce834fcd07296eb841

  • SHA512: afc7414583d25cb63553dc6298790d517d9ddc969fbb5b33586cabbecbb0a57548b3dcc3a7d5c80372f245f40920839c3cdc7598dae86a8b80a3078ac8945d3e

Malware Config

Extracted

  • Family: icedid

  • Botnet: 302245654

  • C2:

    imilarquestio.top

    heywanted.top

    minimike.quest

    alsohavethis.top

  • Attributes:

    auth_var: 5

    url_path: /posts/

Extracted

  • Family: icedid

  • rsa_pubkey.plain

Targets

    • Target: candyx32.dat

    • Size: 63KB

    • MD5: 26cc03d079e42949b14531f928270fde

    • SHA1: 7637f33593dd3ecc0ec3282c2b5f01144e1469e1

    • SHA256: a4c4595c433df98705676f3503c5cc7e13c352a2e0b73587f4ed7424b25720c1

    • SHA512: bd66dfd4cdfc69787ede1dcf14f69d9e7f65e34ddf94636d430f20afe532f75601fc8115529eb036ddca7654a9f454ea62e003ea3313d0729b931765f52f9808

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Target: core.bat

    • Size: 184B

    • MD5: 8e8c8dd91722dd16c50d410e921dfca2

    • SHA1: 62524925b4f9c124d244aa9c42109877f36ff3fe

    • SHA256: 4e46bcf388758863f9938fb095521c0bfb5c8f41942341f3a6aa0e0e48e7672d

    • SHA512: 90de5ed56e2fdaa1d69315a19e1d6242b0ff5f6e41347893f98d02bf3f78a31cc954f8a193ca94e93942178928ddc5dc303bbce9bd4fde869032ea32831c6a4e

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks