General

  • Target

    core.zip

  • Size

    1.3MB

  • Sample

    220707-12razsdhhq

  • MD5

    00c2e76e5d374fc3ab317ca4f7460c4d

  • SHA1

    88cd02fcb9b1d772d835b8073ad47e188d265acf

  • SHA256

    ac16e225f3bbdda12baedb9e1551922fb984586df6334975c7f5ec15fbd3fff1

  • SHA512

    c040b20c16f68270ad2795b1b86cb9c968925ff435887dd70b5deb9173a539d2ad7afbd945985f8b8de897de9e074953347b99d94e6f7c264abebfe14f637981

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com

Attributes

  • auth_var

    2

  • url_path

    /news/

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

Attributes

  • auth_var

    1

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      193B

    • MD5

      3ab361d7b51fddd7960c2d64d28d46e1

    • SHA1

      dbcf599550d5905059d327514de60c127d5ffef4

    • SHA256

      44669ee8730255483c81532bb329a606549f3ac4eba92be1a755cb95868e6cb7

    • SHA512

      c2627aa3bffbf1abf0ffc66771e40b5c38199b0762caf83fe15eb0aa3d6c47c977b569324605d5c85334b478c123b35fc1b7cb56a3dd530db00a5e86649edfcd

    • Score

      1/10

    • Target

      ordinary_64.tmp

    • Size

      521KB

    • MD5

      89633aaf763ba4bf911be171f02071d4

    • SHA1

      e089f521b1f1456fcd89657a2f9122a9cb005e8f

    • SHA256

      886a9e2cea447edd6941f4cae814b9047db066f09774299f4f7d87a24e7f3d10

    • SHA512

      951cdd1c5aefa0dbe440c1e498f29fc86f9cd5bfbeb37b074d87564b99f525b245c816335e4da2f65dbefb67319c0ac55cc3c561818c1e4e63a4748aa3d3c933

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Target

      pony_.tmp

    • Size

      520KB

    • MD5

      c43462b01ee7d0b7dcd7ff3aa468ce90

    • SHA1

      a5dd2fe3146aafa55e40be07c65c35fb43f54679

    • SHA256

      339323897f1fc41253915cf895f9e3a34ad4fc215e5265c9b5da9ebef87f0a24

    • SHA512

      db8b5a28cbf0514f0102289ccd918040aef20129249786f0c5cd651c4713e39d2d73036a29e7180758a0d33bb85e3d3fad460567bde4dcfee1d9017cad4d2249

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.
