General
Target
file
Size
398KB
Sample
220222-tplfmscabm
MD5
ab19a1faedf6add1d7e1bd4270a66de6
SHA1
fb506312c7a0ed2e77ecc977be79479c6a805bf4
SHA256
f4c75386c042b8ac7fb221192727fd7cedd9b8471438a521d72f1e54f5b24812
SHA512
59666e1e856d292246c8f70cbde7388f5ceca6b26158eb1dad6efad83464aa1296b9d43058a611e95fa88c0c56c04eaf92fce17d7dc76845ccfeb4eb16e89854
Static task
static1
Behavioral task
behavioral1
Sample
core.bat
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
core.bat
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
cruel-64.dll
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
cruel-64.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
icedid
Extracted
icedid
3494996616
holniakea.com
lhaerty.com
grandtexen.com
flourmat.com
auth_var
13
url_path
/news/
Targets
Target
core.bat
Size
184B
MD5
1c7f1fcc4e80e8c7ef57b919351c20a4
SHA1
8ebbc93b12aff72608388e9a1d4e20dfe71e9b20
SHA256
64ac497d087884c75c9ea0c95af4fe0a8579d4a27d125244dc780de50c66a432
SHA512
a9e7dd2544a584390a41e0cfbaded9373de11bac06d036fdbfa0ee6a965ac60f20115256e91b614d8e7d4e787c670f47886ab3d6c35d89e20ed055fd610ed1a5
Score 10/10
Blocklisted process makes network request
Loads dropped DLL
Target
cruel-64.dat
Size
155KB
MD5
e2ed0e69a3cb39fd5a3c0f432bbca95f
SHA1
09f59bb06247db6dbce4b20a3b2063f3b7ac72f6
SHA256
413e4f36dc29b4228036d9e1cd480e8121e9795cf94ae349b5e6649d71d50a33
SHA512
6d50c9f573273860392120c1254e881af78193d6b8f05e47ad2f1ca270b4192490e9b1000702dad5ef2cb903c928c90456d79269cb478660aed35ca228279397
Score 10/10