General
Target: file
Size: 425KB
Sample: 220222-tnpfxabhhl
MD5: ed55a75a7de04b4a2418458ef5fb07f6
SHA1: d4bf0a1062c7675712cfe25a785c06fd62650d68
SHA256: 59615b1fa43f785fe4cec58d44c5eaa47961e308117ffd4b5c3e9554ad29c1fc
SHA512: aff1d71fad7de2fe10f075092e37ea9dcdf45c5b0f5f7cc40f9698df3efe98fca403453bb9e62eae619188ef2e555cd779bcd45ee5463515bf474219abd1270c
Static task: static1

Behavioral task: behavioral1
Sample: core.bat
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: core.bat
Resource: win10v2004-en-20220113

Behavioral task: behavioral3
Sample: country-64.dll
Resource: win7-en-20211208

Behavioral task: behavioral4
Sample: country-64.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted
icedid
Extracted
icedid
3106999479
balliordan.com
oprenfirst.com
loremurs.com
auth_var: 17
url_path: /news/
Targets

Target: core.bat
Size: 188B
MD5: 516bf69f7095a20782228e6694bdeddc
SHA1: e28ab3207ed45a94cbdbd614aeea0c4d4e735dcd
SHA256: 5b122305b77821f70a0e95d0f7cbe5890e4c9062e05e72fd506877c7523d468b
SHA512: b8463b7cdcb686816a3952eec8aa2be0b1a78c777331b27a91aa10190a2a9d2c1a7bb6920ab09e15f46a495047fa4cb02883a8a22a942984f3b46096899394a4
Score: 10/10
Blocklisted process makes network request

Target: country-64.tmp
Size: 183KB
MD5: f2e0df5fb7bf79180f46f6276e76c026
SHA1: a2c1f906bd8b053711840a337a6228e07d2eef2e
SHA256: 96c8debea0c7a406853a1d7d30490cd80e24df7c1a490080be5b7a978d8cf3e1
SHA512: 4a1adfe06df283adbc6d99969867b8036d96b08a723c4da5b1377b1a7a0173cff63006a79318103bd422a79288bf43129855e67e9d7627451e41f2e95e928cc5
Score: 10/10