Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

country-64.dll

windows7_x64

10

country-64.dll

windows10-2004_x64

10

Resubmissions

22-02-2022 16:12

220222-tnpfxabhhl 10

03-01-2022 11:01

220103-m43j5sbcb9 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    425KB

  • Sample

    220222-tnpfxabhhl

  • MD5

    ed55a75a7de04b4a2418458ef5fb07f6

  • SHA1

    d4bf0a1062c7675712cfe25a785c06fd62650d68

  • SHA256

    59615b1fa43f785fe4cec58d44c5eaa47961e308117ffd4b5c3e9554ad29c1fc

  • SHA512

    aff1d71fad7de2fe10f075092e37ea9dcdf45c5b0f5f7cc40f9698df3efe98fca403453bb9e62eae619188ef2e555cd779bcd45ee5463515bf474219abd1270c

Score
10/10
icedid3106999479bankertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3106999479

C2

balliordan.com

oprenfirst.com

loremurs.com
Attributes
  • auth_var

    17

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      188B

    • MD5

      516bf69f7095a20782228e6694bdeddc

    • SHA1

      e28ab3207ed45a94cbdbd614aeea0c4d4e735dcd

    • SHA256

      5b122305b77821f70a0e95d0f7cbe5890e4c9062e05e72fd506877c7523d468b

    • SHA512

      b8463b7cdcb686816a3952eec8aa2be0b1a78c777331b27a91aa10190a2a9d2c1a7bb6920ab09e15f46a495047fa4cb02883a8a22a942984f3b46096899394a4

    Score
    10/10
    icedid3106999479bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      country-64.tmp

    • Size

      183KB

    • MD5

      f2e0df5fb7bf79180f46f6276e76c026

    • SHA1

      a2c1f906bd8b053711840a337a6228e07d2eef2e

    • SHA256

      96c8debea0c7a406853a1d7d30490cd80e24df7c1a490080be5b7a978d8cf3e1

    • SHA512

      4a1adfe06df283adbc6d99969867b8036d96b08a723c4da5b1377b1a7a0173cff63006a79318103bd422a79288bf43129855e67e9d7627451e41f2e95e928cc5

    Score
    10/10
    icedid3106999479bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks