Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

paper_x32.dll

windows7_x64

1

paper_x32.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    363KB

  • Sample

    220327-3g8ewaaedj

  • MD5

    7a9c3e19f93e9d094155bd135ca0baa2

  • SHA1

    9eb432a6a6d03fd280191061f758fdd76c63363a

  • SHA256

    187364ccb5e949f03459e59f086ee3423877edfbcbc86e4f374b86513f3c3181

  • SHA512

    a3459f4bcc16862a9c835106cece9c9bd565ab515094213cdf66a934f9b3ed7820fd4a790e0839ee80d0521e7eebbdfd7ded9ae502f1a1b1d74ea40593bf34f4

Score
10/10
icedid3415411565bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com
Attributes
  • auth_var

    18

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      186B

    • MD5

      e14de7f5eba87fa6b9466f4214c4d614

    • SHA1

      25ed97a19eefa2e5d33013ceb95e386e70ac98f0

    • SHA256

      e0326bb3bf6b5c2be434b3945229be63bef06830c2ad604671b8d4dc53db0ccc

    • SHA512

      d7d7c0a6150d644147f924c85de27748d8c93aebb41fc37b6ba8f3dd4ef675cd0273d54443e4e76ee4acf3e4f9eb4a622184718f11e49d72bb39c5a68a4f29bf

    Score
    10/10
    icedid3415411565bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      paper_x32.dat

    • Size

      43KB

    • MD5

      d3a9e33c7e606b711b1d658248d96d4a

    • SHA1

      430273e227bb4445fbd92363dc97310ca3232b48

    • SHA256

      85c49c0c2f9778edc03a6797ffa139b27538fd7060d6b80f2d00e23aa158e625

    • SHA512

      e15c697ce13a8140fb41596def262d414f47453b0f01e96b8659caa5f024e8c81b5b2462230b992e081d368078ac33f3f37c0dae17bfd81b0a06c960494e0f3d

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks