General

  • Target: core.zip
  • Size: 854KB
  • Sample: 220707-vnbqgscadp
  • MD5: 3c7897937529643f1f549f22cbd69fa3
  • SHA1: 5724cd158d515bd69097e42975667c42f1ed214c
  • SHA256: 764d884dabdc19f38ee270ca65e27afaf3e5731c54e8cafc5f30d757b83e26b7
  • SHA512: d6d895dc106c739f79c74f61de454242fdf9ac54b7b0872fb3596a406b7fa5e83087ad35bf3fc1ee27d8fd7a5ed2d5f0c37128bc001da28c9103ae33a31fdbb0

Malware Config

Extracted

  • Family: icedid
  • Botnet: 1573268852
  • C2: peranistaer.top, gruvihabralo.nl
  • Attributes
    • auth_var: 1
    • url_path: /news/

Targets

  • Target: cmd.bat
  • Size: 187B
  • MD5: 72f9832e26f22c251765dbd43dd7b19f
  • SHA1: dece15cb77c851e678126056b32a1ea7b72400fa
  • SHA256: 5847171289735b17b8dacc1d126eaf54e7624d429de0661b76d3ce6cd399e8f4
  • SHA512: 286190dd030d53f346ad14ddd20f7dee137f92732c79e2ac7b45bdbf22a1a633e79b9ea15676127d213b3f040469b9cba62211247fc304d71e00e0761872161e
  • Score: 1/10

  • Target: pony_.tmp
  • Size: 520KB
  • MD5: c43462b01ee7d0b7dcd7ff3aa468ce90
  • SHA1: a5dd2fe3146aafa55e40be07c65c35fb43f54679
  • SHA256: 339323897f1fc41253915cf895f9e3a34ad4fc215e5265c9b5da9ebef87f0a24
  • SHA512: db8b5a28cbf0514f0102289ccd918040aef20129249786f0c5cd651c4713e39d2d73036a29e7180758a0d33bb85e3d3fad460567bde4dcfee1d9017cad4d2249
  • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks