General

  • Target

    core.zip

  • Size

    1.1MB

  • Sample

    220628-ty1xpaceb9

  • MD5

    6cec24f38cead97ee0d2b5948c5c42c9

  • SHA1

    d09728ac9ddf1aa4729344496ca63411e26a6832

  • SHA256

    d462f1b5cf3e4f90af4a2b07d13e5277d0df82b7e3a3c664daba08235e395d10

  • SHA512

    37cd0999d4d3b0e2a1868cc41e277aa998297c594d762dd03e0680831d754cc28857a0be08b2499d5816105270232f19e4457513d016c686ddc9aece6a691c43

Malware Config

Extracted

Family

icedid

Botnet

904247735

C2

trinityasos.com

montycrack.com

Attributes

  • auth_var

    3

  • url_path

    /news/

Extracted

Family

icedid

Botnet

1057461280

C2

allesborn.com

blaskmirror.com

Attributes

  • auth_var

    4

  • url_path

    /news/
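The two extracted configs above give four C2 hostnames, two botnet IDs and a shared url_path. As an added example (not part of the sandbox report), the following Python scans proxy access-log lines for those indicators and tags each hit with the botnet ID of the config it belongs to. Only the hostnames, botnet IDs and the /news/ path are taken from the report; the squid-style log format and the log lines themselves are constructed for this example.

```python
"""
Added example, not part of the sandbox report: match proxy log lines against
the IcedID C2 indicators extracted above.

Assumptions (not from the report): the log is in squid native access-log
format (URL is the 7th whitespace-separated field) and the sample lines
below are constructed for demonstration.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the two extracted configs in the report:
# botnet ID -> C2 hostnames.
IOC_BOTNETS = {
    "904247735": {"trinityasos.com", "montycrack.com"},
    "1057461280": {"allesborn.com", "blaskmirror.com"},
}
# url_path shared by both extracted configs.
URL_PATH = "/news/"


@dataclass(frozen=True)
class Hit:
    line_no: int
    host: str
    botnet: str
    path_match: bool  # True when the request path equals the extracted url_path


# Constructed squid-style access log (not from the report). Line 5 is a
# look-alike host that must NOT match: it only ends with the C2 domain
# as a string, not as a DNS suffix.
SAMPLE_LOG = """\
1656400000.123 45 10.0.0.5 TCP_MISS/200 512 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1656400001.456 88 10.0.0.7 TCP_MISS/200 1024 GET http://trinityasos.com/news/ - HIER_DIRECT/203.0.113.10 text/html
1656400002.789 30 10.0.0.8 TCP_MISS/404 0 GET http://cdn.montycrack.com/static/logo.png - HIER_DIRECT/203.0.113.11 image/png
1656400003.012 61 10.0.0.9 TCP_MISS/200 2048 GET http://allesborn.com/news/?id=1 - HIER_DIRECT/203.0.113.12 text/html
1656400004.345 10 10.0.0.9 TCP_MISS/200 128 GET http://blaskmirror.com.evil.example/news/ - HIER_DIRECT/203.0.113.13 text/html
"""


def host_botnet(host: str):
    """Return the botnet ID whose C2 list covers `host`, or None.

    A host matches when it equals a C2 domain or is a subdomain of one
    (label-boundary check, so 'blaskmirror.com.evil.example' does not match).
    Case and a trailing dot are normalised first.
    """
    host = host.lower().rstrip(".")
    for botnet, domains in IOC_BOTNETS.items():
        for domain in domains:
            if host == domain or host.endswith("." + domain):
                return botnet
    return None


def scan_log(text: str):
    """Parse squid-style lines and return a Hit for every request to a C2 host."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than crash
        parts = urlsplit(fields[6])
        host = parts.hostname
        if not host:
            continue
        botnet = host_botnet(host)
        if botnet is None:
            continue
        hits.append(Hit(line_no, host, botnet, parts.path == URL_PATH))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "path=/news/" if hit.path_match else "other path"
        print(f"line {hit.line_no}: {hit.host} -> botnet {hit.botnet} ({flag})")
```

Subdomains of a C2 domain are treated as hits, while a host that merely ends in the same characters is rejected by the label-boundary check. The path comparison is reported separately rather than used as a filter: the extracted url_path is useful for prioritising alerts, but a request to a listed C2 host is worth a look regardless of path.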

Targets

    • Target

      canvas-x32.tmp

    • Size

      437KB

    • MD5

      470e2113b08b67e95c87fe4e5d1354d1

    • SHA1

      65e3d17accf67a7e5d5c84eb4ec407e0e8350091

    • SHA256

      0ecf933e063be2a3d0f5b6ae2b160ae916d06dec52b05f42f54b84242d725f60

    • SHA512

      8bbc52392459053501607fd75f9c023b08caa01c0b665f0c07165d25cae22896d94eb567bd486b167dfc79449678355f282b8229ef87e62c1efe2d1cbf9b0933

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used as a loader for follow-on payloads.

    • Target

      cmd.bat

    • Size

      192B

    • MD5

      6403b95ff9680293746a72061c0b725e

    • SHA1

      e49b77da281c0ea55191599096c778f958a58f30

    • SHA256

      7d901dd1614a27e7db8341f338697485cf9032ff2c55be7b21762da781adbdc0

    • SHA512

      ed8c5546a7627d28b8459c90c6db7c5f3663afde6eb9c42a0f978bd1487cf17ace955f6784e138baffda9b9969687905267a11ce55b69353557fa58c560e571b

    • Score

      1/10

    • Target

      dwarfx64.tmp

    • Size

      340KB

    • MD5

      d887c4ae1ff288342c822414ed196d95

    • SHA1

      fbba2fddfdca4763f7588646941908fb86322337

    • SHA256

      17f0eb28cbc5881ac2b0c98db70afc5df189e3dc3bbb06a81cf387ed11d325ef

    • SHA512

      b5bcb0b05b4c2f71887b7e576607bd2e20ba4a9287751c05efff5e9c8ffa92765a6d8e7f726436ab983ccb9a3dbba5fb95b0f7322e7746c7eda63232d5778fc8

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used as a loader for follow-on payloads.
