General

  • Target: core.zip
  • Size: 524KB
  • Sample: 220726-yhkmzsdfaq
  • MD5: 3e197a1f9a12efdee7014081efa59d76
  • SHA1: cd32650d0bf0457e5f6d63a48941cf0a16e10027
  • SHA256: 72aa3e37886acff63285b0752e04c4427dddc35f571be1c5161d56a4d74d57b0
  • SHA512: dd2c13a864677107befdc456dd2d8b479cd246fd879486e0c4a27a9351d87464e8e31fe696d0fd622369b8373db26d783901c3925b29066dd251447e7bef82e5

Malware Config

Extracted

  • Family: icedid
  • Botnet: 1573268852
  • C2: peranistaer.top, gruvihabralo.nl
  • Attributes
      • auth_var: 10
      • url_path: /news/

Targets

  • Target: cmd.bat
      • Size: 185B
      • MD5: 7be476743fa5c3c1261fee8b23692308
      • SHA1: 45f82cc673cf14b3c1f1f7b3b212c87ba5e23c5d
      • SHA256: 0d014d94c74ed5030fd939da2aff4c7d8ddc5972c8b16a3069d771c84957dbda
      • SHA512: ded430c80948acbfc392bcf48eeaf315da5bd21a51bb129cf92486aaf1d5e469e3c02d3cbc1b9fc320a3d9dc50f3face49c3136df4a5f892e39cc7995be8f581
      • Score: 1/10

  • Target: decline_.tmp
      • Size: 190KB
      • MD5: bfc564121c08943b6ea7a72da2ec95c2
      • SHA1: f6e04164ecdde8dabcb67363f74df8a155e0e499
      • SHA256: b3c0d96dde2489134cdd360196dd9dedb6e9df46be204e5ea2b92565d9763758
      • SHA512: 9fadc645933b086dbcc58bb041ab40125f28e7c573c58741303900acbe0a05001eafd0f5a04b1dae2e52e005827047a976f512f1622d2a054bbd6728d79d39ab
      • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
