General

  • Target

    core.zip

  • Size

    379KB

  • Sample

    220714-tq5wnscda8

  • MD5

    7d3037b1ca62547d7b8aa1799a464cef

  • SHA1

    c71531f8c5bda23fa59e7b9d9af90489f858648b

  • SHA256

    bb916759ec1184381be7b01ae757befdfd578d56fe356a2f77ac71420b150859

  • SHA512

    e89c761f35586e1e4a99d328a658e694f3ba95ea339cb177668dd8a5398bb4615babee56205538771ffc83c3e8ca035912cfc805619d8b9a53def3b0cca64e14

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

Attributes
  • auth_var

    4

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      191B

    • MD5

      9d16a11a95ee4d4cc5fbb5cc0d7f4279

    • SHA1

      5b99b90a57addc4024313741f20c527d4be19b33

    • SHA256

      ae69c01458a71817de60f091be4bd669aaec5001b010dde02aa8d4cab83ea41b

    • SHA512

      987fb4096c0a7defc82ceeb592f31f226dcbae8af333e4f8a0afd35e4e24ea54c8a69e60aeb2abe07d6d4ae0dd3c95358756199f2135a1a72e5876c8d3a842ed

    • Score

      1/10
    • Target

      divert_32.tmp

    • Size

      45KB

    • MD5

      9fd62e4f8a094f59b60b85e9402f9636

    • SHA1

      174850d2691ff8495a72a404bc02919d9a90d050

    • SHA256

      4f8ed2b9c81976bab40248b15472ff50897c69fed414a03c10cdc8772b152742

    • SHA512

      8cd10d5175bae76574185b943ca98758bf2e1e78a338592c859b2ba45406bcf83387d4484c9de4ead772c95ea15775beb4c406958b0850cac161f52124bc5a88

    • IcedID, BokBot

      IcedID (also known as BokBot) is a banking trojan capable of stealing credentials.
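Worked example (added here; not part of the sandbox report and not code from the sample or the sandbox): the report's file hashes and the extracted config (C2 domains, url_path) turned into a small triage script. It computes the digests of a blob and looks them up against the report's hash table, and it scans proxy/DNS log lines for contact with the C2 domains, rating a request whose path starts with the extracted url_path as a beacon. The log format, the sample lines, and all function names are assumptions made for this example; the SAMPLE_LOG lines are constructed, not from the sandbox run.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# Indicators copied from the report above. Everything else in this file
# (log format, sample lines, function names) is an assumption for the example.
C2_DOMAINS = ("peranistaer.top", "gruvihabralo.nl")
URL_PATH = "/news/"

KNOWN_ARTIFACTS: Dict[str, Dict[str, str]] = {
    "core.zip": {
        "md5": "7d3037b1ca62547d7b8aa1799a464cef",
        "sha1": "c71531f8c5bda23fa59e7b9d9af90489f858648b",
        "sha256": "bb916759ec1184381be7b01ae757befdfd578d56fe356a2f77ac71420b150859",
    },
    "cmd.bat": {
        "md5": "9d16a11a95ee4d4cc5fbb5cc0d7f4279",
        "sha1": "5b99b90a57addc4024313741f20c527d4be19b33",
        "sha256": "ae69c01458a71817de60f091be4bd669aaec5001b010dde02aa8d4cab83ea41b",
    },
    "divert_32.tmp": {
        "md5": "9fd62e4f8a094f59b60b85e9402f9636",
        "sha1": "174850d2691ff8495a72a404bc02919d9a90d050",
        "sha256": "4f8ed2b9c81976bab40248b15472ff50897c69fed414a03c10cdc8772b152742",
    },
}

# host[:port][/path] with an optional scheme; the host needs at least one dot.
_HOST_RE = re.compile(
    r"(?:https?://)?"                   # optional scheme
    r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)"    # host
    r"(?::\d+)?"                        # optional port
    r"(/[^\s\"]*)?",                    # optional path and query
    re.IGNORECASE,
)


def digests_of(data: bytes) -> Dict[str, str]:
    """Hex digests of a blob in the algorithms the report lists (minus SHA512)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lookup_artifact(digests: Dict[str, str]) -> Optional[str]:
    """Return the report's artifact name whose hash matches, else None."""
    for name, known in KNOWN_ARTIFACTS.items():
        for algo, value in digests.items():
            if known.get(algo) == value.lower():
                return name
    return None


def is_c2_host(host: str) -> bool:
    """Exact or subdomain match only; 'notperanistaer.top' must not match."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in C2_DOMAINS)


def scan_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Flag every host token that belongs to a C2 domain.

    A request whose path starts with the extracted url_path is rated
    'beacon'; any other contact with the domain is rated 'domain'.
    """
    hits: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        for m in _HOST_RE.finditer(line):
            host, path = m.group(1), m.group(2) or ""
            if not is_c2_host(host):
                continue
            kind = "beacon" if path.startswith(URL_PATH) else "domain"
            hits.append({"line": n, "host": host, "path": path, "kind": kind})
    return hits


# Constructed proxy/DNS lines for the example; not from the sandbox run.
SAMPLE_LOG = [
    "2022-07-14T09:12:01Z 10.0.0.5 GET http://peranistaer.top/news/?id=1573268852 200",
    "2022-07-14T09:12:03Z 10.0.0.5 GET https://www.example.com/news/today 200",
    "2022-07-14T09:13:10Z 10.0.0.7 DNS query evil.gruvihabralo.nl A",
    "2022-07-14T09:14:00Z 10.0.0.9 GET http://notperanistaer.top/news/ 404",
    "2022-07-14T09:15:30Z 10.0.0.5 GET http://peranistaer.top:8080/index 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(lookup_artifact({"sha256": KNOWN_ARTIFACTS["cmd.bat"]["sha256"]}))
```

The path check matters in practice: "/news/" on its own is far too common to alert on, so the script only calls something a beacon when the C2 domain and the extracted url_path occur together, and it still records plain contact with the domain (any path, any port, any subdomain) as a lower-confidence hit.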

MITRE ATT&CK Matrix

Tasks