General

  • Target: core.zip
  • Size: 384KB
  • Sample: 220803-wn4xpsdhf5
  • MD5: afe4897fa381319958aba2c0a981b208
  • SHA1: d087690fbf3611e1db3e56456e18cd1c2eb30614
  • SHA256: 62c01d820324c5cbebaa43ec81f84bc23e7e55e0f867072c189b8f8a181552a7
  • SHA512: cd98578a356346ec0b6c63f9d0dcb65c5ac6926bd089f0297e17bcdb30be344db968a544763c6c39b8adbba60d93f7111470a78db4dd85c63d6efabca265c04e

Malware Config

Extracted

  • Family: icedid
  • Botnet: 3524611504
  • C2: wronigrabs.com, nokainptisarda.com
  • Attributes
      • auth_var: 14
      • url_path: /news/

Targets

    • Target: broom-x32.dat
      • Size: 49KB
      • MD5: fbc189cfff511d698bb612bc9e58e4fa
      • SHA1: e64b67c6eb7c4e1623942ef388e9d648e67663a1
      • SHA256: b22ae26c58c6b6df210e6985e30169f5b73b8a743f0376600376726f3c213207
      • SHA512: 6f5de0629ff877ef56cad57a141990c8b3da9ea167e2a3e0284be836addf4e08015cc76ce16a65067861cc8d26e4f5969e3735b0a060b75c3a011c3ab2ad6da9
      • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Target: cmd.bat
      • Size: 186B
      • MD5: 31945790cde26b28268fd9d13ffd000b
      • SHA1: aad2034ec7823170f4a96d1a05bb7623c9546bd4
      • SHA256: 9481b2cc18a6046bc43127d9c4090fcb6b4b0ffbe706912be38c65eacfe33780
      • SHA512: 93d90864c0e4c214e6d1522e740be4d011e3c4d7549d9e8240f14dff2091d837ac4efa06ff922956f4f7e00db49250d8ddb7157b766094ad7b419dae0f8d6064

    Score: 1/10

MITRE ATT&CK Matrix

Tasks