General
-
Target
file
-
Size
363KB
-
Sample
220323-xteqfaach3
-
MD5
1eea61d74ac2d0230e6b55218cedf87c
-
SHA1
aa1f238656bcf1a83e93e5aabfbb05f6a92817d0
-
SHA256
869e8b742394a505f495ce94d01782d58b9afc7327940a2accf2042fc0972b83
-
SHA512
a6c74bf6d1657c51cb3c0590a5b94b9ccc11976c7305b36aa925c39f5afaff0bdd861cf5f4ed6b5a980b93c495ef637af9fcdd2c43dfbc330377202d545556be
Static task
static1
Behavioral task
behavioral1
Sample
core.bat
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
core.bat
Resource
win10v2004-en-20220113
Behavioral task
behavioral3
Sample
health-x64.dll
Resource
win7-20220311-en
Behavioral task
behavioral4
Sample
health-x64.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
icedid
3036889562
stooryallice.com
yellowpyrrol.com
roomdetect.com
environmentbest.top
-
auth_var
3
-
url_path
/news/
Targets
-
-
Target
core.bat
-
Size
188B
-
MD5
1bc88881c82f35426e48f27de5c98003
-
SHA1
766fb820b706f21dd3d37efac8e937daf485d9f7
-
SHA256
eec0e5a1a8a21e713fe480883a9869a894c80a409ea06929de805e05c1ee14d6
-
SHA512
5c1d72bf225d8d07141b52cfcf22f13f8e2d0c34b6ed22d0adc6e68b3cf767ff54415c7178a8f6db2e66e819f28285cf9d1680777285138f7f8b08a83d8fa009
Score10/10-
Blocklisted process makes network request
-
-
-
Target
health-x64.dat
-
Size
44KB
-
MD5
0c0ba99c34541ceb15aeef59f7f9dc1a
-
SHA1
649c6b086552d70889dbf0add2ba9de9af5c31fd
-
SHA256
f7c090881ce1fc5672604ecc2000cfe952b72a72bfbe631db8c9991f18ba2944
-
SHA512
46cab08fca4b0c8221ab3840459b9591583e90f7335f319c792a6d12817fe56191f2fc78a84d0243f5d3575f723b775a9405f0b184bb47d97692d10e63ee02f0
Score10/10 -