Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

pumpkin-32.dll

windows7_x64

10

pumpkin-32.dll

windows10-2004_x64

10

Resubmissions

17-03-2022 16:28

220317-tyt45schbr 1

02-03-2022 07:56

220302-js74psdhh5 10

24-02-2022 19:52

220224-ylj6maehbj 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    620KB

  • Sample

    220302-js74psdhh5

  • MD5

    0b90bb9d39feb6b704b08fb7dcb6048f

  • SHA1

    a52b9e8f749789e81c55e7894ffaf62807e444bd

  • SHA256

    852d511a9276c1004efcdc148e70aecb973948389be1094cdbc850c4face77d6

  • SHA512

    961dd6506e4ac027f6c94cdb2869f747c60c31223593ae3c0ef3610af115937fe24784b4f0e56301bbef46ef4ad9eddcd945b35f90e63c5c836eb37662a99470

Score
10/10
icedid3560182600bankertrojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com
Attributes
  • auth_var

    2

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      188B

    • MD5

      5d557256208a36dcd239278ba626f30c

    • SHA1

      1e54238d55ab57ab5e7b787d3f369d6a02374d2b

    • SHA256

      26cfdedc156563695d6188240fa38ee5d3b29e468dee368facf66b8710eae3e2

    • SHA512

      2cd8215e99f4d61035747670dd2109aa806fe4c505648982926bb1bd886eadf1da583823e019e8af34939531bf669b6ffb19a334f3c3e678c56a7f5ebe2745ad

    Score
    10/10
    icedid3560182600bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      pumpkin-32.tmp

    • Size

      600KB

    • MD5

      b3afc3fcf6756131e897a5234707e422

    • SHA1

      82684fd3a133ad4be9abcd8f95e56eea403e4706

    • SHA256

      3055bfdc5fee78ad2b92fc4b1a35a4632a1f03152fc7e835a7f21d41e44aeb26

    • SHA512

      a860a193ee62045fbb0da4ea6735913cee6a9786008a487a2f8755a3d1dceea73b74da8301af5a4e1ebec2ae88d581e7be07f620cf90461047eda790673b9b88

    Score
    10/10
    icedid3560182600bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks