General

  • Target: core.zip
  • Size: 573KB
  • Sample: 220802-t3rjtaghb3
  • MD5: 386737afc3a0923df30c26acfbee6ef8
  • SHA1: d3aa4395e1d531e01078dd918fa8067c9cff311d
  • SHA256: 24a8238b04834a0988cc07fafa775e12288912131b1f70064a151d3b5413c713
  • SHA512: b74a50c6c20066d7081dd24d25eb74d37c4b8b64630f39b932f993a6ed16366fceecb8ea7f9f64011f624b04e09baebc1169365578a395655c9b3d1f29cfaa42

Malware Config

Extracted

  • Family: icedid
  • Botnet: 1573268852
  • C2: peranistaer.top, gruvihabralo.nl
  • Attributes
    • auth_var: 13
    • url_path: /news/

Targets

  • Target: cmd.bat
    • Size: 187B
    • MD5: 4bc3a9e4bff070d13b96623e7a6c5115
    • SHA1: 34bfea8b8fa73162b83f4faf7537ea1e0224980b
    • SHA256: 1e7cb59716562b1b0f306e8711e78d6f94fd6314f676b389e94f38583d3dfc6d
    • SHA512: 20c9778aba533d08b014f72172a79284dde6d8bea8c118284332d6ac7b151552bf9ee1bb396f6cb992637d47c6b4c9d51eb13a6aa1258d87b2a5bffa21cec275
    • Score: 1/10

  • Target: oxygen-x64.dat
    • Size: 239KB
    • MD5: 79166672591271b2e68455b51aacf5de
    • SHA1: c9d6f428a37e9eecfc30712ef420c6df82ee9667
    • SHA256: 6ed8499020fea0c91fde5e2fd2be39434e4d5b65d4d53fca8ab5e82ba0a50f33
    • SHA512: 3917ebe5216f593bf087d261481be9fc29ccaf96993501eeab45a480534b1eaa85616e4c3bc3f9d24cfdfff85e9251083da18b35a290dddf6fe7f5de46045226
    • Signature: IcedID, BokBot. IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks