General

  • Target: core.zip
  • Size: 638KB
  • Sample: 220728-vedhqahdh4
  • MD5: f1ea70b03a48d62ce20cdf3dd9fe2a44
  • SHA1: b232f855bd6a597770a2461ae85bad55645e1620
  • SHA256: cd4de3d13b3caae041ceac7c63bcfc1bc61f03cd904f285a768ab4b97ca3d640
  • SHA512: 832fa14174ed9c28e4d6735f737d597a748d7b857c3f04b138a8c60ab2d8b9e8c4e59c66c6c2f06fd1dca96748929b766c30786c68342be527fd4bdf7fdb1578

Malware Config

Extracted

  • Family: icedid
  • Botnet: 3524611504
  • C2:
    • wronigrabs.com
    • nokainptisarda.com
  • Attributes:
    • auth_var: 11
    • url_path: /news/

Targets

    • Target: cmd.bat
    • Size: 183B
    • MD5: 875b3c8e22174ec9bb7252d0c3894daf
    • SHA1: 5313a50c0290321d65e9c293008e303e32154c41
    • SHA256: 320c79228eb7a68229ef1b292ba0651070ed809f094bade2e2ca76305c808c07
    • SHA512: d1b623477266e16e19d3de24c07658cc0eb2643961af04bc270408272610d5bf2acf37a01109752afd3d41734b23125f9f8890dfea39fdf72dc097c748a3326c
    • Score: 1/10

    • Target: weird_.tmp
    • Size: 304KB
    • MD5: 3ddcf5d00e292b06a688e27d81a64f72
    • SHA1: cf67af3d95f2c4c60059dee42bf6e7777b0e5dbd
    • SHA256: 074c3394c48dec18875c0de5d787ff10fa9be403f9483a55ef475eb803fb3acc
    • SHA512: c74b62db1d8146f064f2c38f705831fccb80e83beea7d0d5641e488bbf43e172d4d8bba6e58cd85825712a4139031298de2fe192c06f43813a41a70b37383d38
    • Signature: IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks