core[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

cmd.bat

windows7_x64

1

cmd.bat

windows10-2004_x64

1

mention-x64.dll

windows7_x64

mention-x64.dll

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

cmd.bat

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cmd.bat

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

mention-x64.dll

Resource

win7-20220414-en

icedid 1501064257 banker core_loader trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

mention-x64.dll

Resource

win10v2004-20220414-en

icedid 1501064257 banker core_loader trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

core.zip
Size

1.0MB
MD5

903e7db33ee3a7557cb968dcc093f8cd
SHA1

6a3c1ee3e1715552805a737dda5a2684f1c08e99
SHA256

fd2e50ee4a87fffc019c1cea7f745e477d4e252fd775bc31d9461f48dd3587c5
SHA512

5c0e6dbb05b9d0342dcc448658c97b8993ed17244d409b38064b407718db57c49c46f9c4819edc67ed70e945d060b3fbbdb1775a8aa6fac5aa189830aaf3481c
SSDEEP

24576:WB90JTqSr2q9nh/Pktv8xoFkEfCrMtxLSvNk/N:Bbr2q9U

Score

N/A

Malware Config

Signatures

Files

core.zip
.zip

Password: infected
cmd.bat
license.dat
mention-x64.tmp
.dll windows x64

Password: infected

f40f6d9b9d042c97ffaecb83912823e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmGetImeMenuItemsA
ImmUnregisterWordA
ImmGetCompositionStringW

gdi32

GetCharABCWidthsFloatW
GetDCPenColor
GetDeviceCaps

rasapi32

RasCreatePhonebookEntryW
RasEditPhonebookEntryW
RasSetEntryDialParamsA
RasGetEntryDialParamsW
RasDeleteEntryA
RasGetSubEntryPropertiesA
RasSetAutodialAddressW
RasSetAutodialEnableA
RasInvokeEapUI
RasGetCustomAuthDataA

Exports

Exports

H1L8XtCY
JYA0EJsQ
KxECHH5mJ5
N3JW7PwDBf
OROOELg
OmJ4bb
PXNphk
ViIaWGf
WR8zaAd
Xq1iGRrqJTn
aPbCP44m2an
akzctLWJM
asbjhasdbj
c3y4YBw9yQs
fLkbrP
kjwYM3cAvYq
xChSaREO
zEa5rQ1f

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy