Overview

overview

10

Static

static

bless-.dll

windows7_x64

10

bless-.dll

windows10-2004_x64

10

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

Resubmissions

22-02-2022 16:12

220222-tnypksahd6 10

24-12-2021 02:56

211224-de79nacbe7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    504KB

  • Sample

    220222-tnypksahd6

  • MD5

    ba7e3ba65c2855a6c3e46c4c988a5a43

  • SHA1

    3db383933c828443d4173fc1acf967d727d1a396

  • SHA256

    62109cd7f5bf3084c996968db5de682e1d4a9c3733160447bc540f628e7a4cdb

  • SHA512

    f970ea463a4562603a1c67bcf9386254e6f5f3845e8f4f532d7c6a1a603dd3e8ff7db8a380dbeff60852da0895bcd820ff2036dbd1556415ecba2a2a9c3479f1

Score
10/10
icedid1677997313bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

1677997313

C2

asrspoe.com

aviospe.com

applesflying.com

badgoodreason.com
Attributes
  • auth_var

    18

  • url_path

    /news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      bless-.dat

    • Size

      330KB

    • MD5

      dd2b6d7007ee249c0679b52d306dc421

    • SHA1

      13f44e5f9c05a4c8b2b7655722ab36619642c858

    • SHA256

      c8cd2a2b0767b5220f9fbc6ae9b99ba97a9ebaae252146e6c9b395180fc7dc4c

    • SHA512

      c6003888ab5d03a6b47b5340c845d935c5a0d90e8b67d56fa2c8fdcd039089f382a0221cc6ab09e5f83742d32ed3032317469f52ac99cb105aa884cea8c082cc

    Score
    10/10
    icedid1677997313bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

    • Target

      core.bat

    • Size

      180B

    • MD5

      530cc5b8dc0b57fec8bcb7ed6675d18d

    • SHA1

      25bdb516f4480a2aad04e7f9c486be09e4040b2e

    • SHA256

      f054d2174a93ae6121603c15a954c45e52a0d88536e0a11b5d98b7bbfa52d7b5

    • SHA512

      2b5717fa4dc5247b1b94a96ede0d698679b379c0129c02d97da44a7833f1086feabf98e39c1613e40241f9c72f04fb0a48821061e9bb2d34b3ec847f33eafb4b

    Score
    10/10
    icedid1677997313bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks