General

  • Target: core.zip
  • Size: 995KB
  • Sample: 220818-vschkshdel
  • MD5: 2bb4a926b2260204c5f4b6344d8d7b26
  • SHA1: dd72aba2815d03a24cce75b36fd427499f215a23
  • SHA256: 45665741a90336de07eee401dd9c160589b42df04d22dbf2babe948940ebc74a
  • SHA512: 04a9bef2fa271df69635e78ba8ce1522a61e406c88f684872807ac48670e1060751e3008f4b573e2af2a1ce7ed5854949bd3b838c8892cbb2cec5f04cb983362
  • SSDEEP: 24576:1tLBgfU3PbIYPgzy5ItQLW0CZ3xH2rAvllDN5ahtH:1tLDItcWTh+

Malware Config

Extracted

  • Family: icedid
  • Botnet: 310022019
  • C2:
    uytricmpreprom.com
    plorinnoult.com
    yotrakeoksa.com
    cleanmagoza.com
  • Attributes
    • auth_var: 18
    • url_path: /news/

Extracted

  • Family: icedid
  • Botnet: 1573268852
  • C2:
    peranistaer.top
    gruvihabralo.nl
    klareqvino.com
    ultomductingbig.pro
  • Attributes
    • auth_var: 19
    • url_path: /news/

Targets

    • Target: augustx32.dat
    • Size: 335KB
    • MD5: 3462028b30bf3c49b7228030882b6ab9
    • SHA1: 7c236c53dfb09169f2bff1f392dec4a05f1bca8e
    • SHA256: 0b27dff0f96c99c95829a62a0f76c107c97ca40d0a85416cd7d743b6b9887f2f
    • SHA512: d0a2d5ecfb67fd94bdf3bc0e7dfbc03605660bd1d3f5589f90072e8d90291e1bab7a95ee65049c1e5938fe70d49fec2aa443490ac25d90803a5fcf73ade39814
    • SSDEEP: 6144:W16TBvM9z64cJagjxxp+btXuWjzdeSbqVYyg7SZVPnl6Hg8wy3:i6TitLBgjbp+d3deSbIYPSnPl78wy3
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Target: cmd.bat
    • Size: 186B
    • MD5: b161383c2aea311f67dc959269d5b0e8
    • SHA1: 0c6ae11d558de1487c7641e0f32634ecba4ee4d7
    • SHA256: 5719221c1480c443d942f5f9ab59b346d2194f7e2d69c693af05d0f55f3ac447
    • SHA512: 39b2960a3aede6b031ddc279f5eb75aa6b2ed53042206d4a839c0a90c29754a25397e67aab46f301b6161fa11e2cc28e46c8349ddde4890e907bb3ba06896922
    • Score: 1/10

    • Target: manage-32.dat
    • Size: 325KB
    • MD5: 62489cebb6033e2749011e7d8effd408
    • SHA1: c3182c9579b0d8e63e553fa8b60d42ef93e70791
    • SHA256: 23c826496e972cff4eba404188232f6c646e5cb20034452750daddc24b8601a0
    • SHA512: 8f14f565c534f8a094f4d541fc2e328d9ee4e99b574a377a9f075920eda0499dc793b6063e08e67644e29f04504b3bb28897af532c4a1ba53ca3645ced05f73d
    • SSDEEP: 6144:BYHIOJqGYvkKBs+Tmg3lDRLdxblVukYt4l1sSfSmh9Q6Lj:BOkQAF3lDRLdx5aWCMpmG
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
