General

  • Target

    file

  • Size

    365KB

  • Sample

    220321-zawkysaaen

  • MD5

    04a10dd0d064f3fe0ca229d782abc4b1

  • SHA1

    898483e41ee7037fc55f9114258434c045fe8f83

  • SHA256

    f31cbfe50f6b800f6911e47e9784e3a7ade35538c514248d01efd310a9b060a3

  • SHA512

    8d078ce7d7efecba870cef8e82305d8ff7e76d036c2f1b481ebc22e779164b955102decc14165f7994d798ee216cd8d772e3e8a664ed2f391661687701fce1e2

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

  • auth_var

    16

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      186B

    • MD5

      5acb1a1562189471386f35e8d857671f

    • SHA1

      1a613777a8af69159de7ea50959a67265c00f524

    • SHA256

      5f037bbe5ebfe76ddb18bf9864f2747ef46e5083b7ce3d8c4694b8fdf228f51c

    • SHA512

      11a89de54632b8daf09853456fafd7580c9eb46e310c495c3e5b1e52d338e68bf92a31c371d55eb47ac8e94661caefbed1265e1351c448836ddef465f49c00e1

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      famous_32.dat

    • Size

      46KB

    • MD5

      480a3b3ad65324bd61e4ef311282ad50

    • SHA1

      ece87bb9d61df1e4bb23011b06e82f95ce79387d

    • SHA256

      bfde8f5f3455981ea8c63a1206182ef2b36ba2b0722c82692beeb17b8b0dde68

    • SHA512

      282e981996a105c30c17a1d02a4f842049b6a4c10347732c9cc47c52367228e45c19658aa00da0d77a4225c3c89c14ab0a98e6e930c8f7a5abd9825cf2cc9108

    Score
    1/10
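
The extracted config above (C2 domains, url_path /news/) and the per-target SHA256 values are the pieces of this report a defender actually consumes. The following is an added example, not part of the sandbox report or of any vendor tooling: it embeds those indicators and runs them over a few constructed proxy log lines and digests. The log line format (timestamp, client, method, URL, status), the helper names and the sample log content are assumptions; the indicators themselves are copied from the page. Domain matching is done on a label boundary so that `cdn.seaskysafe.com` hits but `notseaskysafe.com` does not, and each hit records whether the request path also matches the extracted url_path.

```python
"""IOC matching for the IcedID sample in the report above.
Added example: log format and helper names are assumptions; indicators are from the page."""
import hashlib
from urllib.parse import urlsplit

# C2 domains and url_path as extracted from the sample's config (botnet 3415411565).
C2_DOMAINS = frozenset({
    "antnosience.com",
    "seaskysafe.com",
    "otectagain.top",
    "dilimoretast.com",
})
C2_URL_PATH = "/news/"

# SHA256 values from the report, keyed to the artefact each belongs to.
KNOWN_SHA256 = {
    "f31cbfe50f6b800f6911e47e9784e3a7ade35538c514248d01efd310a9b060a3": "file (365KB sample)",
    "5f037bbe5ebfe76ddb18bf9864f2747ef46e5083b7ce3d8c4694b8fdf228f51c": "core.bat",
    "bfde8f5f3455981ea8c63a1206182ef2b36ba2b0722c82692beeb17b8b0dde68": "famous_32.dat",
}


def match_c2_domain(host):
    """Return the C2 domain that `host` equals or is a subdomain of, else None.
    Suffix match on a label boundary: 'cdn.seaskysafe.com' hits, 'notseaskysafe.com' does not."""
    host = host.lower().rstrip(".")
    for domain in C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def classify_digest(hexdigest):
    """Map a SHA256 hex digest (any case, surrounding whitespace tolerated) to the
    report artefact it belongs to, or None if it is not one of the three listed."""
    return KNOWN_SHA256.get(hexdigest.strip().lower())


def sha256_hex(data):
    """Hex SHA256 of raw bytes, for comparing a local file against KNOWN_SHA256."""
    return hashlib.sha256(data).hexdigest()


def scan_proxy_log(log_text):
    """Scan whitespace-separated proxy lines (constructed format:
    ts client method url status) and return one record per line whose host is a C2
    domain. `path_matches` is True when the request path starts with the extracted
    url_path, which separates a beacon-shaped request from an unrelated hit on the
    same domain (for example a favicon fetch)."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than crash the whole scan
        ts, client, _method, url, _status = parts[:5]
        parsed = urlsplit(url)
        domain = match_c2_domain(parsed.hostname or "")
        if domain is None:
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "host": parsed.hostname,
            "c2_domain": domain,
            "path_matches": parsed.path.startswith(C2_URL_PATH),
        })
    return hits


# Constructed sample log: lines 1, 3 and 5 reach C2 domains; 2 and 4 are decoys.
SAMPLE_PROXY_LOG = """\
2022-03-21T10:00:01Z 10.0.0.5 GET http://seaskysafe.com/news/ 200
2022-03-21T10:00:02Z 10.0.0.7 GET http://www.example.com/news/ 200
2022-03-21T10:00:03Z 10.0.0.5 GET http://cdn.otectagain.top/news/ 200
2022-03-21T10:00:04Z 10.0.0.9 GET http://notseaskysafe.com/index.html 404
2022-03-21T10:00:05Z 10.0.0.5 GET http://DILIMORETAST.COM/favicon.ico 404
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the bare path `/news/` alone would be far too noisy (the `www.example.com/news/` line shows why), so the domain is the primary key and the path only qualifies a hit. When checking a quarantined file, feed `sha256_hex(open(path, "rb").read())` into `classify_digest`.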
