General
Target: core.zip
Size: 458KB
Sample: 220421-vdrc7abdem
MD5: d5b0c7bfda9cf6c553d0b24badaa943c
SHA1: cb9ce0cbad232f91d42ee7c3cdd155099af50b69
SHA256: b3608f2907d2924d576fd27f1feda3a03695683fdfec2130a9a59426c0432870
SHA512: 8e07050068fb3679a30a38375780b4607746f2397c32dfd0d236ca4184087c96799f8b5c070a69abfed067b6c5990fcf94e90af2b0aa02de88f42f059a23b143
Static task: static1
Behavioral task: behavioral1
Sample: core.bat
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: core.bat
Resource: win10v2004-20220414-en
Malware Config
Extracted
icedid
2406015698
commamimubebe.site
asredetyr.site
aszepolityu.fun
likoportio.fun
auth_var: 6
url_path: /news/
Extracted
icedid
Targets
Target: core.bat
Size: 949B
MD5: 064cd7377e04e15604acc82e77154827
SHA1: 27ec0914e4feab204a55f26be5734b7f5012f3b8
SHA256: 73e21e5d4e92d3b0092cf9330311b4fcc912cb8bbf96cb732915208e397ab39f
SHA512: 77d883025d0b6d60cb0b11ee70e25eefc569ae984af39929e16da53933f52cbb085de06756b88ff42cbee22927c7f2a227de2645e67feefa4dd412c05346117d
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Accesses Microsoft Outlook profiles