Overview

overview

10

Static

static

coin_.dll

windows7_x64

10

coin_.dll

windows10-2004_x64

10

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

Resubmissions

22-02-2022 16:12

220222-tntevsbhhn 10

29-12-2021 13:24

211229-qnl41aehd6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    418KB

  • Sample

    220222-tntevsbhhn

  • MD5

    690d86ead01c121e589a722dde2b2f4a

  • SHA1

    1b83bf4e3fc5824f7f5155297c3639a391cb2fea

  • SHA256

    5796a437dd7d59ec8f6321b5b309b590fbe32790de872c4cbf5990eceb4815e4

  • SHA512

    ccbd29e9839cab868916ef1b473739da7c04c48f4a86e9be480b46130b152674357f4de639b5604bb317ead409dcf1beeb6dec3adc739da74fa4a806e7800e8a

Score
10/10
icedid4221486031bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

gladmitter.com
Attributes
  • auth_var

    3

  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      coin_.tmp

    • Size

      168KB

    • MD5

      86ca4e1a615a597f75680a65ed980c29

    • SHA1

      c7ac192295f1d32f550558f1e92373e23949f721

    • SHA256

      477bce9457c040cd69f4853b20e1b3de3957f15ca39d2a2d95bb8e1153d0d0bd

    • SHA512

      2ad88296cfbdb5af9865a575f1460178b449c96f46434d276c93d450087dba0f4fc3defe6659f1115fd77413f445486c4069c3ded8809f73dd3614608f3b75f2

    Score
    10/10
    icedid4221486031bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

    • Target

      core.bat

    • Size

      178B

    • MD5

      cbc2ea3eb64c0f67285c81aa8ea96706

    • SHA1

      cbd6dc70e9c737e7f8942a37245294d7e71a4939

    • SHA256

      1de3497f0ffceb8538797bdfbcae232ce67086dfadd576de614e229c4e7304d6

    • SHA512

      75d795ec30dce1dc9345d002b25783645b551dbbf41ac3b72d0940a4671915108ae4ebc90e937c85c49bb9873b9f32784f8d4f93f2f7e55e0d76e401b314b90f

    Score
    10/10
    icedid4221486031bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks