General

  • Target: file
  • Size: 365KB
  • Sample: 220322-wt9p5sdaal
  • MD5: a4f9d1b24df9a3b512d3649d8a6bcbd0
  • SHA1: 1118ebc3431ef67ef36f1b07733dc11d3ad80ef8
  • SHA256: e582bda9eac4bc3331d0344802fd3c8b1aa3eb2bff001cadb7ef5b66acbf8da5
  • SHA512: b4b693cee2c4f6235ad983dc9b65554fc8c1f25ea626e19259776e37ce150eeb888e83aefeff72acd7e868510191850f215807f65bc977de9d53e6b3138f8c68

Malware Config

Extracted

  • Family: icedid
  • Botnet: 273095221
  • C2:
      qwesteresiler.top
      hoseonlin.top
      fallhuma.top
      nefitsonyo.xyz
  • Attributes:
      auth_var: 3
      url_path: /news/

Targets

    • Target: core.bat
    • Size: 190B
    • MD5: 90d45afa6d19dcdb77acbf7feb7e6acd
    • SHA1: 1d2082578ee2754f8a1832b43d34d2981e45349c
    • SHA256: 94ff05e826b154bce6b9dd22edf2d01d41fb61457a9e78943d4dba9e3e07f272
    • SHA512: 89c639562c183d1375a810378939fda3c8a08567c5a6e13eefd80ce711c8ed29e887af0dff1b845d6b44003055728048d819104f93bce3442b15cd3512905c5d
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request

    • Target: impulse_x64.tmp
    • Size: 47KB
    • MD5: 44339859f207cef9ec6e6a376e505130
    • SHA1: 2af068457e66c9e821042c9ec064230fea3d649c
    • SHA256: 87bb5386fa3a670dad4c2c3dabb7021bf089fc1874c33b99168c10fc86f17bfb
    • SHA512: 79850b66c191b46503fdf622772fddb30a317b589243f793c09b32a4e80de65ca4d7fc92d6cf88ac9db15f6f6b6373d3c73fcb3a19b0225cb4d05c0e7592854b

    Score: 1/10

MITRE ATT&CK Matrix

Tasks