General
-
Target
file
-
Size
362KB
-
Sample
220308-xd7raaaeg4
-
MD5
f7c6415bfe41a6001c36828a34ec954e
-
SHA1
e1c6d6745cd703b4f46e03c9fe99bc893583d408
-
SHA256
9424e361d1fff5dd475b78a0436413a0ba022d3e4e0d13967bf7a27362f3a144
-
SHA512
e7c82f7febeb788bc9c7487a76db9aa17fcae7f812c0ec073c751027bad6e5b59c62f77420ba002ec795a9ea460a88a317db15e2f7cc7fe7c144def40640e251
Static task
static1
Behavioral task
behavioral1
Sample
core.bat
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
core.bat
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
pistol32.dll
Resource
win7-20220223-en
Malware Config
Extracted
icedid
273095221
loniferast.top
hoseonlin.top
fallhuma.top
nefitsonyo.xyz
-
auth_var
1
-
url_path
/news/
Targets
-
-
Target
core.bat
-
Size
184B
-
MD5
4766e3cd2f4eb06fd1563a3dd3a7704f
-
SHA1
cdb45f46f51bce83cedf8bbd1b7be775d32bad60
-
SHA256
61ad4c75614d2a61ffb2423125d87b56eab3bfe3046f4c41e7ce402b3e512ed2
-
SHA512
4d4c8409cb662989c1ef490291b959928a2a5ac4e98cde4106ea6a0ea1eb8b055603edfa136bb4c0ceacb4bc651ab557eddfb9731a5776290d2e7669b7838a4c
-
Blocklisted process makes network request
-
-
-
Target
pistol32.tmp
-
Size
43KB
-
MD5
55c3137ff1fb18f315a42e41e00c97a1
-
SHA1
b798ce92577de625ae4f4cbd15a5b37f832e142d
-
SHA256
58d60dbbfde0e93ed83c1656660252fc6d192532cbd5d122c39c0481848a22f2
-
SHA512
a9b7ad7825c06296a01a02a6fc287c231470b9ad105ee6d5a5006c5521eed3a41d0f99b4c97262dad0a718b62bb25e52ec0fd469fad8699f8ab651ffcf14b4d2
-