General

  • Target: core.zip
  • Size: 493KB
  • Sample: 220907-2l5n4sdbd2
  • MD5: 7c77a3fadbddd46888d1ac5902bc1de2
  • SHA1: be1852f1c606b0e49877d7a73da245f582a8b047
  • SHA256: b87ac8727be102dd752ce8bf3b8dff2634ecc87a0ba42b9ed3daac5384810aa0
  • SHA512: cc9f073e9f0b74e9183c6b59c30e2c5a3cb5a955da91002391893ba2416a725911fc0066c1b2576a73eeb9c49d33f0c82cf71c9808dee2d7c4502ccb03963ca2
  • SSDEEP: 12288:ozFOkw8R5CtDMEuW0UvC23nIuJx2iKpyoJAiNLCEW06:mItQLW0CZ3xH2rAKxNLxA

Malware Config

Extracted

  • Family: icedid
  • Botnet: 2820723836
  • C2: iscasbase.cyou, xqertansi.gay
  • Attributes
    • auth_var: 2
    • url_path: /news/

Extracted

  • Family: icedid
  • Botnet: 3524611504
  • C2: wronigrabs.com, nokainptisarda.com
  • Attributes
    • auth_var: 23
    • url_path: /news/

Targets

    • Target: cmd.bat
    • Size: 165B
    • MD5: 7b098ed0939bd4df51eb704fafcb0de8
    • SHA1: cd60e5bca2bdd94c807c7dd2f8fee3da3dcbc588
    • SHA256: 2c106fd78db5a5c030c5d1a217e68c9a647d471093b53adf9e5812a7d56291f7
    • SHA512: 24cb7128310cc626422955e0d8c5bd53b4cbd659e914e0caaea29c5922dfe61c9103b64658ce3f01df2145e60987b140e66fbf2fd6ec6a4b5a90722889d8c46b
    • Score: 1/10

    • Target: farm-32.tmp
    • Size: 92KB
    • MD5: 922a98593caed3c13caf93e7d4d72688
    • SHA1: 53d0214aa737b08edaf947f65c72f4499be3372e
    • SHA256: 1711fbc112a29d98cf1087161852bede5b119384b224c8372ef2872980e426f5
    • SHA512: 47d55d3e49dcda996b4a6684d897d368bd9a96c6b28243a4f2883238bdcd96b47f53645e8f3407f9fee6e45a897d9a1bfcf43cf66ef235a2cd5d349b1efa2ca9
    • SSDEEP: 1536:RnFVRlA7NSPYBasvVjnaiHcx9RDwncH4lEBskSyqaHXnVFnZZ4s3fhgklHPNkkDq:RnFVR67NSA4svlgDjYlEBrxLHXr8s3fx
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

    • Target: tagx64.tmp
    • Size: 66KB
    • MD5: 12c02419eb18170261cbadfaaa32d405
    • SHA1: 46b04de423696ad4e9e6d882d9d908da59ee3238
    • SHA256: dbbfcce4de60d01b8679956f0fb3f454e6987378a2ce2bf9e2ca7a7efbc334cc
    • SHA512: e663d8ae5c8be479be3572fa845927760e41ced9c325f8a55d34227d0e6495172bc9817d3861e36c500a61951784627e6422f77b2a47ea2800a04477b265963a
    • SSDEEP: 1536:5huTBzDeNcLaSAQ/zC+XozehwqVFqhvNUwKhZIB4oakxce+h57:5hSzDeNc6OXJLsN2ZIiNh5
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
