General

  • Target

    core.zip

  • Size

    2.0MB

  • Sample

    220624-vzz78agdh2

  • MD5

    eae4900354e32eafb06a9c55e38a5ffb

  • SHA1

    429945e6f10fee0006778f4e2151da6aa095e1ed

  • SHA256

    47959778e5198ed2c06e6fcd35ed633e69ee3adf098aade13a6118f0d9db69f3

  • SHA512

    19b9282ef61421fd44bb6a8744efef35a710856e5ff48d1007cca095a1acdbe11a80677b67edb7c48c5d5abbbdeb4b5573de1b25954131cf739827fb7b73f360

Malware Config

Extracted

Family

icedid

Botnet

1057461280

C2

allesborn.com

feelsgear.com

Attributes
  • auth_var

    3

  • url_path

    /news/

Extracted

Family

icedid

Botnet

1501064257

C2

tekacuanm.com

pleashurehott.com

quuenkrauz.com

Attributes
  • auth_var

    18

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      191B

    • MD5

      dd156bbe1aebb324ea62611e7261bb25

    • SHA1

      767d652a462a1d7cd710c49b3ffc2ecbb224beca

    • SHA256

      e186ec154043943a8f05303633a2938ced627f4661b08ab345cc12a4b657ee53

    • SHA512

      27d47ecc508735beea48070b5b229c97e0346fe99160d817ac5e8b10e34d83f69cd489eeb156489e4a6c06ce38abee7e80a52bf3b1271d229d48eaa0da0d54a7

    • Score

      1/10

    • Target

      erupt-x32.dat

    • Size

      843KB

    • MD5

      22914d48dc2694166dff8128264834fa

    • SHA1

      39b66e8fe09425e36292e20ef8ca90d4a9ef2f02

    • SHA256

      d46fd18f4bb99a0f92b6d8e169e49030ee1971dc1f644e839b4df2c0bcd5f709

    • SHA512

      45c6a4c20ed60ffb1ef469d77da27a599ff847d5e0845114e1f47c34f4e462a8cb5633834710f2e65ad833f2d4bde64f0dd6f74f31cbcc5c4914b19ce6855fc9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Target

      sugar_x64.tmp

    • Size

      844KB

    • MD5

      cb4932cb415b5f7523fa3cc197a9f129

    • SHA1

      c70c5a482a63c3dd7fe52443d751cc98957b3efe

    • SHA256

      33703ff5c1d72aa6998c9daeb8b39a17ce61f497ead16f63ab310a59db8c91f6

    • SHA512

      e39fd079a630b2200666c091a00670619aa169d110d2b97b8b47f931ddaab63d589f583ee8aeab7e7479c57184d3c3a7ad4a3fddfd30489d8f5193ea4ccd492a

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.
