Resubmissions

07/03/2022, 21:46 UTC

220307-1my3aagbh2 10

28/02/2022, 09:51 UTC

220228-lvldtsdhg4 10

24/02/2022, 19:51 UTC

220224-yk4hwaehap 1

General

  • Target

    file

  • Size

    619KB

  • Sample

    220307-1my3aagbh2

  • MD5

    7631d7abc1bd5ad9777479b7cd36bbfb

  • SHA1

    c8fc486efa31b5967021ba4806c4f5f5801fccb9

  • SHA256

    f5628f5e31a100bd7f64c47908035d5b9b35f7f375e2a13d25b2370b8500b9ca

  • SHA512

    66deea8b7b4f4335a71fbe2e8c997e938af2a0711b842d1d6ab012d79873709575715e2cecc1ec90127361920dfd027ceba2b8ebd948abe73bac08cde54d8661

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MGAwDQYJKoZIhvcNAQEBBQADTwAwTAJAAKQAAFJTQTEABAAAAQABAKlSRc15jKHF
IN/XH16Xs7H0+zt5y/M2AKBq1cXeePyLmhkS7duB17D/U9wqfzUSSwIIUHk7y9SY
9J8=
-----END PUBLIC KEY-----

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

  • auth_var

    2

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      184B

    • MD5

      59aa96fcaa1a3b7331758f7a7ae1f343

    • SHA1

      198ffe332e90207fdb7b97da04770b001c0c5cbf

    • SHA256

      5be1931accf2a90e273312b779a873e847ad965e6e11c04e9b83603d4e6e7491

    • SHA512

      c67253d6d602e150e85e121b2d8d9dedfa72c3ea1950d6a50a8e52a201f06ff9e701acee04b49e682158fb9860c77fd7ad117e20d9c4c8b03938e53e7d6e99c7

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Target

      strike64.tmp

    • Size

      600KB

    • MD5

      b3afc3fcf6756131e897a5234707e422

    • SHA1

      82684fd3a133ad4be9abcd8f95e56eea403e4706

    • SHA256

      3055bfdc5fee78ad2b92fc4b1a35a4632a1f03152fc7e835a7f21d41e44aeb26

    • SHA512

      a860a193ee62045fbb0da4ea6735913cee6a9786008a487a2f8755a3d1dceea73b74da8301af5a4e1ebec2ae88d581e7be07f620cf90461047eda790673b9b88

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks
