General

  • Target: core.zip
  • Size: 631KB
  • Sample: 220816-vckh9aeeg4
  • MD5: 02c9ea57ed860fdaeb7a610c023cab8f
  • SHA1: 7f5bdc3df53bcf882dc7f83ff6a2e622633423d2
  • SHA256: 28661e4a0f43711df5b1637f6ee03046939db4991d56940e1e6e10425008232b
  • SHA512: 873498db1ba15435a476b0fb18e32cbc0e282e331e76ccfadafe73dbdc7a41c51c774bb8b74a1f9a8f195b01ffb19d482965dcce66480bd3fbf1225dd0cdad05
  • SSDEEP: 12288:xJG2luCHeqmggNsf1+7H0vYmOkw8R5CtDMEuW0UvC23nIuJx2iKpZuh:y2lzBmjstD7ItQLW0CZ3xH2rW

Malware Config

Extracted

  • Family: icedid
  • Botnet: 2672825827
  • C2:
    xikolaman.com
    iboracarde.com
    cementqbilly.com
    qaderation.top

Attributes

  • auth_var: 17
  • url_path: /news/

Targets

    • Target: cmd.bat
    • Size: 184B
    • MD5: a8d097c4b5b56a3b864107da9275de81
    • SHA1: 631dad0d2d6cc7dd2add1dfc57a6717bc1dcd9c4
    • SHA256: c9598b2fde394149f3a1ee115a9576edf8ad789200271c130991b4d6fd948d4c
    • SHA512: e1b64017107ce35554847f02461acea5ab8f0ded5ff7e7360c483ff3748331e1af70bdce453772ad795849a08f1bf8789b23f58988a70a4191226548c7cf5843
    • Score: 1/10

    • Target: winter-.dat
    • Size: 296KB
    • MD5: 3767e2dad64d6b0ea14664acd2ba520c
    • SHA1: 9809ff35c742adae6a009ec646ce8d74c7942a4c
    • SHA256: 3ee4fc9da984841a49261c68d395e312fe8606f2e82e65c50b4462397e23d662
    • SHA512: a389831301c74c74ff85376bd96a9f8673a96dcc6c573acf03a1657758e6d6c362228a6e3d9d9e1bfc46046bc669c66d40e9312561b60ffc9d2371d931f905d9
    • SSDEEP: 6144:IBrSluO9jEYztpSqmlzT+mpNsnDBVLQaqsc7H2PvY464:s2luCHeqmggNsf1+7H0vY
    • IcedID, BokBot

      IcedID (also known as BokBot) is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks