General

  • Target: core.zip
  • Size: 960KB
  • Sample: 220725-vd25pabbbr
  • MD5: fddcec4cc389a931f1dde8419708bf0f
  • SHA1: 73d5aafdb73c21aaafb9423418b86897777f8bea
  • SHA256: fb029e39bbf3947d7931be4dcc28a02050c878d2e8f34534c49587259f191f00
  • SHA512: d3b6c9a6097986bff985a5d04a51f10821b7987a5c57d56a20c1d797d30902e5c31ea853b92fe508c5a10b0a2d67a3a8d5655e6888fc4da7434428ba889f41b8

Malware Config

Extracted

  • Family: icedid
  • Botnet: 310022019
  • C2: uytricmpreprom.com, plorinnoult.com
  • Attributes
    • auth_var: 13
    • url_path: /news/

Extracted

  • Family: icedid
  • Botnet: 3524611504
  • C2: wronigrabs.com, nokainptisarda.com
  • Attributes
    • auth_var: 8
    • url_path: /news/

Targets

    • Target: cmd.bat
    • Size: 186B
    • MD5: 31a5126fa2f08ad99c65545649e9e40f
    • SHA1: 2bdb65324cf44411ae837c7782a8d7a3efb5d3cf
    • SHA256: 52c0668bcfb04f64e27200554413f0e8b46f24782bfbbf61ef202d7a45577010
    • SHA512: 46ee74cd9b7849b15fb3f6119e27f819bb944d49867cca4dc1d738d16cf36895a403300c2b937c5ff99d80e829d38a496506705e30612468ce262b11df352504
    • Score: 1/10

    • Target: minute_x64.dat
    • Size: 312KB
    • MD5: d0c13e99f8b74352cdb845aa3a72fd52
    • SHA1: 2b44c301d4567a9d631ec19f38e349b424eaa850
    • SHA256: c15d6721460460d177b7e68f4b991b0b8b17ded6bd098399c76c87b0982b7ca1
    • SHA512: 799152ed8a9fd050877631ec9e99c4bd8eb42ef96845234411f27c48aac106668974370677b2d64650300393ea9ac46c708e08309c6ff1730cf5e7904f99253f
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Target: teach-x64.dat
    • Size: 313KB
    • MD5: 40d316a38ba7f843b2c9e1b0948b4f1f
    • SHA1: 9c6491e6b64d5fe22322989b348227a37e68ff88
    • SHA256: 5a95cacaac143486a7330700a717c645f297bc007d0c4c054deb41ff6273669b
    • SHA512: 7d9e55e2cd9fc5fef1940f39f51d801e47386234e0c311b59bb5b833b67dce110a05e8ca56cda1277522c9974a6c9f014d42edcbf5f386a5d3ff0c2baa536a96
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
