General

  • Target: core.zip
  • Size: 442KB
  • Sample: 220815-vycersgdg7
  • MD5: 30fadbe34bf09de17979a74fcf75bc3e
  • SHA1: 7641075d3dd2d51d6bd0143e3d35e3d7f163ae66
  • SHA256: 716d18c4935d3f62fbd04741fa084ab725f0c129923c3a469159b0a09d9ae7ad
  • SHA512: 4ce82f601672174b471edb4c15658d9c65b49d7e138a39fd9cf71ffc5716247942575e3ae6c53dae29d2c556bc4cca793fdcde0f18f4b2400a4844c7f4bc1818

Malware Config

Extracted

  • Family: icedid
  • Botnet: 310022019
  • C2:
      uytricmpreprom.com
      plorinnoult.com
      yotrakeoksa.com
      cleanmagoza.com
  • Attributes:
      auth_var: 17
      url_path: /news/

Targets

    • Target: cmd.bat
    • Size: 186B
    • MD5: 36010fd2b1339e37b977cf21dbc3f969
    • SHA1: 994425c9954e97fda7d92c0784cb345d9c582552
    • SHA256: bca275bfd5a00169bfafa95bf2b357fbbced72b40868615ce33b995a884ee945
    • SHA512: a32080917b3fab7fea8bed0f639cd94798a30871f6c232fb8feefae84a667bf5730a05b565942d88e0b056cf6aa31b29eee31aa0ae4900329814081d4773ef03
    Score: 1/10

    • Target: exist-x32.dat
    • Size: 107KB
    • MD5: df2b51c4ef241f03e3919afdac6de54a
    • SHA1: cb17bf66b3f42ff2c7626136a7cfb7ef69812dfb
    • SHA256: 479510c3835f5a694a4efc0ee388f2bcf8c442b2f3efd9822100bd810d4f957d
    • SHA512: e1b65514169a77ef77d2246a5e4cd08a30b03ab78bed97578e51473517187c7a59b910b8277cb88d279ffc90a04f251a643273ec46907ce5004e4f8de93dc1a2
    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
