Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

impulse_x64.dll

windows7_x64

1

impulse_x64.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    365KB

  • Sample

    220328-q8p2dsegcr

  • MD5

    9ac0eee3718fed570071731ae03a4bfd

  • SHA1

    2b72c0c7d9526b6d4f502cb2919ec358c97e3e22

  • SHA256

    e8f38a8ea446753478bda34b8cdcbe6582ee0fa5ac900a5e4c3d9d8af3f2fbb6

  • SHA512

    a16882ebc04db6337472ae0ca6e1f6f4089849c64d79644e4fb591b4403c79d64f6fc56dc29bf27d0bc7da3d5ac39a1bb39339eee3b136871422c76e872d1d11

Score
10/10
icedid273095221bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

273095221

C2

qwesteresiler.top

hoseonlin.top

fallhuma.top

nefitsonyo.xyz
Attributes
  • auth_var

    3

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      190B

    • MD5

      90d45afa6d19dcdb77acbf7feb7e6acd

    • SHA1

      1d2082578ee2754f8a1832b43d34d2981e45349c

    • SHA256

      94ff05e826b154bce6b9dd22edf2d01d41fb61457a9e78943d4dba9e3e07f272

    • SHA512

      89c639562c183d1375a810378939fda3c8a08567c5a6e13eefd80ce711c8ed29e887af0dff1b845d6b44003055728048d819104f93bce3442b15cd3512905c5d

    Score
    10/10
    icedid273095221bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      impulse_x64.tmp

    • Size

      47KB

    • MD5

      44339859f207cef9ec6e6a376e505130

    • SHA1

      2af068457e66c9e821042c9ec064230fea3d649c

    • SHA256

      87bb5386fa3a670dad4c2c3dabb7021bf089fc1874c33b99168c10fc86f17bfb

    • SHA512

      79850b66c191b46503fdf622772fddb30a317b589243f793c09b32a4e80de65ca4d7fc92d6cf88ac9db15f6f6b6373d3c73fcb3a19b0225cb4d05c0e7592854b

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks