General
- Target: file
- Size: 626KB
- Sample: 220225-2n8hsahcg3
- MD5: 929dd984894ee984ce682fe3acba55af
- SHA1: c2f2be87a9641df2defa7f776cbf5f5de597cc6b
- SHA256: 6325b863f21d53e98a808e05d83a18740b969b9101698e66d2041fad6b392e36
- SHA512: 5a6cf5b3435ec0aec24bf42ce1f3dc70dd0ff15e33594ed183e49297656c1930db418fc2fde617d24f789e52666545ce0b8297fe27a5280b739a5d4c2f147a39
Static task: static1
Behavioral task: behavioral1
- Sample: core.bat
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: core.bat
- Resource: win10v2004-en-20220113
Behavioral task: behavioral3
- Sample: ridex32.dll
- Resource: win7-20220223-en
Behavioral task: behavioral4
- Sample: ridex32.dll
- Resource: win10v2004-en-20220112
Malware Config
Extracted
icedid
Extracted
icedid
3560182600
coolbearblunts.com
cooldogblunts.com
- auth_var: 2
- url_path: /news/
Targets
- Target: core.bat
- Size: 182B
- MD5: 1c494d1c28af9cac5e1c26f9b9f79ce6
- SHA1: fa138fdb8e22df8c6c04fefbfcc53be7bb20d017
- SHA256: ae1821dda2a90fe35076771f7ea8619c4be1f3a7f2ec743875b016ba1f29ca4e
- SHA512: bedd23fc38ee62a807933a850454de53d6ea1ef96c4d9758d69cf7695a58cddce357066773f91ee363b6743804ac1a8c23986b9dc9ad92c75afac482f5cfa415
- Score: 10/10
- Blocklisted process makes network request
- Target: ridex32.tmp
- Size: 516KB
- MD5: 84fe5ea0c194f8a2c05c309fbdb60b66
- SHA1: fbe82b2cedee2c3e0598fad8c35cd753220cdd25
- SHA256: bb4e329e8e03b60002a2d6d22c50ac8c23a786af5d70ba7d48bd53dff093e27b
- SHA512: 90c6a6e9cacc1cebc655203ccbfa44730b1bd5d5735c797cf6935983537d7dfbf2c5c53e5d6fe88a87fa83e53f5ed4a46c955441662be387974b664e25c47057
- Score: 10/10