General
-
Target
file
-
Size
389KB
-
Sample
220222-tnz8eaahd8
-
MD5
e0a1fefd8949d5e6e81f76eaf79ddf15
-
SHA1
a9cff9465aaed9651a211237c6c8358146e8f209
-
SHA256
1869b01be54906afad08381c3e9cf6eda44d368befb2db881eb12a92b4eae882
-
SHA512
11e2b40fa7ae0fc3ce0ab5d45654fdf6a282ebaea846029e525b46db50ba99153a094ba80eb3b7235c40841cb47cf70bad3520cbe0d173db2d0639f5bef0bffe
Static task
static1
Behavioral task
behavioral1
Sample
core.bat
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
core.bat
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
master-32.dll
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
master-32.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
icedid
Extracted
icedid
1892568649
baeswea.com
bersaww.com
biglaneat.com
northspaceline.co
-
auth_var
11
-
url_path
/news/
Targets
-
-
Target
core.bat
-
Size
186B
-
MD5
df0fb1bba8b591ef1a391c96453b02c3
-
SHA1
81570776a0d9aea2c3d37bfe9ff949e7d83eca75
-
SHA256
8c8c0977b4751c69bf957a64e21f7f657007ee092c2a62999d8541c95c0b7022
-
SHA512
a406301acd43039d3b7de8a878a0a5d52d3b6e065b5900a8357958fe3f5d638b61d085f7e610b13a73af062df1b56948e87c8ae0e660b317917ddadd7863fa6d
Score
10/10
-
Blocklisted process makes network request
-
-
-
Target
master-32.tmp
-
Size
111KB
-
MD5
b5f6cf31669b934da14ffa6fddf5dd3e
-
SHA1
a09b486da87cf834b57dfe955605d6cc7a8df0f1
-
SHA256
a32eae0d939f077c13c8f96e59e7c03fc3256f17992b11fcf7df81041fa156ee
-
SHA512
3bef955dcb84029859955af1bb0b9c6b68371306367a628c110076d747373e6ead51f84fa9191d5ceac4c2c7e217c2d462df1e539411ab41bb4181d8662f63bd
Score
10/10
-