Overview

overview

10

Static

static

cmd.bat

windows7_x64

1

cmd.bat

windows10-2004_x64

1

crack64.dll

windows7_x64

10

crack64.dll

windows10-2004_x64

10

exhibitx32.dll

windows7_x64

10

exhibitx32.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    core.zip

  • Size

    1.5MB

  • Sample

    220614-vly31afhej

  • MD5

    b0615ed0bc00d1457b6ad9f80562044e

  • SHA1

    3f9544a9311068a3d895d8c90fac90ed60c7b6e3

  • SHA256

    2ada2c277892b76f242995180ebee3393c4aacd7934e45a0cb0d31908fe80daa

  • SHA512

    67431368547697573b168918d42064dbb6ed971ef5d0c6de8220435813dbd44c6ab32453cd596b050357968a5028952b443faf84cf358d431c29552fd7c4e0b2

Score
10/10
icedid15010642573415411565bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

adfinawxol.com

goodfealan.com
Attributes
  • auth_var

    29

  • url_path

    /news/

Extracted

Family

icedid

Botnet

1501064257

C2

tekacuanm.com

pleashurehott.com
Attributes
  • auth_var

    15

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      189B

    • MD5

      15e53617ac033bfb8e39e4b2e6a205d8

    • SHA1

      74cd6a833a9e82f759da891a30f5fc68442ad13e

    • SHA256

      8c5b1a0e4c360dc229095142e928c7a471486a7dee182aded26c9574d50fbef7

    • SHA512

      bc58b9a17f06466532a1a2bc2853139d92099087f24196c87b71208201bfbd3ab568d2509472104011df3db62184d88ddaf4f1c01ffff38a302fd30b6cbfcbd3

    Score
    1/10
    behavioral1behavioral2

    • Target

      crack64.dat

    • Size

      587KB

    • MD5

      7de1f0e3c63ad35abe1882fe7cd92be9

    • SHA1

      eb0366f0ebbdaf0215cdd306fa56a965d6754f1d

    • SHA256

      a37fb41c1116fe04151c9607e17d336dd7491f00044109b4ec21ddf578a08d65

    • SHA512

      1a8843cef2f4344273c9e40837e89fab167374ea1e55d4b57c0f18890fc28d2e261387b93d6b5187801a2530ebe187e93abf19fad5ddc66fce477e6a28bd8a8b

    Score
    10/10
    icedid3415411565bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3behavioral4

    • Target

      exhibitx32.tmp

    • Size

      588KB

    • MD5

      b14d9cbadad3592708f20c547514a999

    • SHA1

      eb74758eb171acdc437a47c1fd1ef51e27a682b6

    • SHA256

      370392d86aebcce75420d73c759031159362a2c394aee873dba4b34c092a0c12

    • SHA512

      60923b92d818ce1bbd5e2036e2ae3f0d33928911146fe79775d16dbde6f4e49ce49a27e7303e02aa2a242fc16dd3863e57fe76b3248a6a2f52298e952056ff46

    Score
    10/10
    icedid1501064257bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks