Overview

overview

10

Static

static

cmd.bat

windows7_x64

1

cmd.bat

windows10-2004_x64

1

ordinary_64.dll

windows7_x64

ordinary_64.dll

windows10-2004_x64

10

pony_.dll

windows7_x64

10

pony_.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    core.zip

  • Size

    1.3MB

  • Sample

    220707-1sb5psdebk

  • MD5

    7b7a34b203cd8cf6ccae22d0dbd6b814

  • SHA1

    eab4e6dcec872710d0354a6284971539d151bfc2

  • SHA256

    ebad5fa29ebd4e05d54f6483f1445c421cc8d5577f6eb3821f11c94e9a07da09

  • SHA512

    7e0fcb82c045333b5212ff776c18f436c2f3c1cf7ee1606804cae4c514e46105e5ef0fdcb45c408539cf9cddb5cd312444a297550aa151c0af891e0632206b5a

Score
10/10
icedid15732688523524611504bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com
Attributes
  • auth_var

    2

  • url_path

    /news/

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl
Attributes
  • auth_var

    1

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      193B

    • MD5

      3ab361d7b51fddd7960c2d64d28d46e1

    • SHA1

      dbcf599550d5905059d327514de60c127d5ffef4

    • SHA256

      44669ee8730255483c81532bb329a606549f3ac4eba92be1a755cb95868e6cb7

    • SHA512

      c2627aa3bffbf1abf0ffc66771e40b5c38199b0762caf83fe15eb0aa3d6c47c977b569324605d5c85334b478c123b35fc1b7cb56a3dd530db00a5e86649edfcd

    Score
    1/10
    behavioral1behavioral2behavioral3

    • Target

      ordinary_64.tmp

    • Size

      521KB

    • MD5

      89633aaf763ba4bf911be171f02071d4

    • SHA1

      e089f521b1f1456fcd89657a2f9122a9cb005e8f

    • SHA256

      886a9e2cea447edd6941f4cae814b9047db066f09774299f4f7d87a24e7f3d10

    • SHA512

      951cdd1c5aefa0dbe440c1e498f29fc86f9cd5bfbeb37b074d87564b99f525b245c816335e4da2f65dbefb67319c0ac55cc3c561818c1e4e63a4748aa3d3c933

    Score
    10/10
    icedid3524611504bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral4

    • Target

      pony_.tmp

    • Size

      520KB

    • MD5

      c43462b01ee7d0b7dcd7ff3aa468ce90

    • SHA1

      a5dd2fe3146aafa55e40be07c65c35fb43f54679

    • SHA256

      339323897f1fc41253915cf895f9e3a34ad4fc215e5265c9b5da9ebef87f0a24

    • SHA512

      db8b5a28cbf0514f0102289ccd918040aef20129249786f0c5cd651c4713e39d2d73036a29e7180758a0d33bb85e3d3fad460567bde4dcfee1d9017cad4d2249

    Score
    10/10
    icedid1573268852bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks