Resubmissions

22-02-2022 16:13

220222-tplfmscabm 10

13-12-2021 19:49

211213-yjqwdsebc7 10

General

  • Target: file
  • Size: 398KB
  • Sample: 220222-tplfmscabm
  • MD5: ab19a1faedf6add1d7e1bd4270a66de6
  • SHA1: fb506312c7a0ed2e77ecc977be79479c6a805bf4
  • SHA256: f4c75386c042b8ac7fb221192727fd7cedd9b8471438a521d72f1e54f5b24812
  • SHA512: 59666e1e856d292246c8f70cbde7388f5ceca6b26158eb1dad6efad83464aa1296b9d43058a611e95fa88c0c56c04eaf92fce17d7dc76845ccfeb4eb16e89854

Malware Config

Extracted

  • Family: icedid
  • rsa_pubkey.plain

Extracted

  • Family: icedid
  • Botnet: 3494996616
  • C2: holniakea.com, lhaerty.com, grandtexen.com, flourmat.com
  • Attributes
      • auth_var: 13
      • url_path: /news/

Targets

    • Target: core.bat
    • Size: 184B
    • MD5: 1c7f1fcc4e80e8c7ef57b919351c20a4
    • SHA1: 8ebbc93b12aff72608388e9a1d4e20dfe71e9b20
    • SHA256: 64ac497d087884c75c9ea0c95af4fe0a8579d4a27d125244dc780de50c66a432
    • SHA512: a9e7dd2544a584390a41e0cfbaded9373de11bac06d036fdbfa0ee6a965ac60f20115256e91b614d8e7d4e787c670f47886ab3d6c35d89e20ed055fd610ed1a5
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Loads dropped DLL

    • Target: cruel-64.dat
    • Size: 155KB
    • MD5: e2ed0e69a3cb39fd5a3c0f432bbca95f
    • SHA1: 09f59bb06247db6dbce4b20a3b2063f3b7ac72f6
    • SHA256: 413e4f36dc29b4228036d9e1cd480e8121e9795cf94ae349b5e6649d71d50a33
    • SHA512: 6d50c9f573273860392120c1254e881af78193d6b8f05e47ad2f1ca270b4192490e9b1000702dad5ef2cb903c928c90456d79269cb478660aed35ca228279397
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks