General

  • Target

    core.zip

  • Size

    515KB

  • Sample

    220719-wkj35agfem

  • MD5

    e2b47e8cc0e354e8f242e40d8a7f75c0

  • SHA1

    3416c3df68c2abf043d4b12384e494c4095e46bf

  • SHA256

    f4b48ba292e2e4885f26329af061d022f259ec4dc992edf3cf315f5fbf9a4378

  • SHA512

    71ca6638cbc462bfc83145deacba2f795fff00ec08be6abd90cc9f06bd04301d153789c0c5aad108e0b68a0b73850f1533886af72f851a3ade562beef61f4dae

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com

Attributes

  • auth_var

    5

  • url_path

    /news/

Extracted

Family

icedid

Botnet

310022019

C2

uytricmpreprom.com

plorinnoult.com

Attributes

  • auth_var

    9

  • url_path

    /news/

Targets

    • Target

      cmd.bat

    • Size

      190B

    • MD5

      f920369c05c2a23efdb70ad485bf739f

    • SHA1

      43f15e99f04601cda63d476e918541a01bd184ac

    • SHA256

      de63b92b96e6ddbfcb5def28ddbb8947cb61374e4188609f4eb51bbaa95f9bac

    • SHA512

      78dc9580fe4f30f72d6c460372bf1ab201a3047746e248c1c14b5d92162af958385f4b62fc12d3047c37554f15a0a30f078248bf8085091687b3b46b47a73946

    • Score

      1/10

    • Target

      donor_64.tmp

    • Size

      82KB

    • MD5

      020304d05b66ed158ba2d3456c8e11c2

    • SHA1

      ee653e67246e65730ac3545182eaf1565cf56846

    • SHA256

      3b44993cf55dcabf66c79affba3af6a18e6b71c8f65b4aaeae27c3bd4ddb9d0e

    • SHA512

      5933b4c98f463307205e516eaa518db93174de0ee7b1089565f8aba113753fbfb020bc80e8ce1dc65f55d61f806c77594ef74077578c533b35bd4c2df3d31a93

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Target

      pave-x32.dat

    • Size

      97KB

    • MD5

      45994cec4fbf22e491879194e420b327

    • SHA1

      38086f1db08f8db9495b7a1faf215527ea98b14a

    • SHA256

      fd06d5f6622cd5fb5ae37ca3393e8595ba1c82fb55056b5277efa9b55c6bba6d

    • SHA512

      291a88132bd05a9671d1bcc61e5450bb5a356a49200685a68d2ae8413f04770fbb3ebf722036420fd3217f9cdbc65efed83cf49e97c9cddb1803d3a2dd30812c

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.
