Overview

overview

10

Static

static

1

run.zip

windows7-x64

1

run.zip

windows10-2004-x64

1

run/1.dll

windows7-x64

3

run/1.dll

windows10-2004-x64

3

run/run.cmd

windows7-x64

10

run/run.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    run.zip

  • Size

    129KB

  • Sample

    230408-26311sfg44

  • MD5

    8defd9be9e347055ec8fe66d9b37d5b3

  • SHA1

    1fc4cc29708de635b00d716269980bf1c989766c

  • SHA256

    9d344a46b5756b2b89a883aff445dc25de22f6f2bade1229167d4cfcb6e1c17f

  • SHA512

    1bf77e8c0353404110d114bc7a82c4affb2a3e61df62c33e84fc6bbd2476543025ef595c5958dd33efdd96b20a13bbbaeea1b691fe8cd3bac1a0adb3c2c8e480

  • SSDEEP

    3072:YAgQeVrkQK9tRNKNXfVRFZXhar+qSL+9CyHTGPQ:YfrkvmJNHZXhASPyHp

Score
10/10
icedid607958445bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

607958445

C2

afrakonla.com

pinchersoftqum.com
Attributes
  • auth_var

    1

  • url_path

    /news/

Targets

    • Target

      run.zip

    • Size

      129KB

    • MD5

      8defd9be9e347055ec8fe66d9b37d5b3

    • SHA1

      1fc4cc29708de635b00d716269980bf1c989766c

    • SHA256

      9d344a46b5756b2b89a883aff445dc25de22f6f2bade1229167d4cfcb6e1c17f

    • SHA512

      1bf77e8c0353404110d114bc7a82c4affb2a3e61df62c33e84fc6bbd2476543025ef595c5958dd33efdd96b20a13bbbaeea1b691fe8cd3bac1a0adb3c2c8e480

    • SSDEEP

      3072:YAgQeVrkQK9tRNKNXfVRFZXhar+qSL+9CyHTGPQ:YfrkvmJNHZXhASPyHp

    Score
    1/10
    behavioral1behavioral2

    • Target

      run/1.dll

    • Size

      253KB

    • MD5

      4712db19e5aca5f6e148bb767229968f

    • SHA1

      0017b8bbb86e6adb87fbb23e16f52854f4501b69

    • SHA256

      f41ea8e983c0e9e63eb3b0066eab277c45841f0c38f741e7486e846313b8c042

    • SHA512

      a7f372c63e1a8d532aefa10a98d1db0f2faac323d9d461c35128c55e1022abfb3db05f0f80a36a9816e65d26e5203ccfc983015c9405753eb3793735c46215ce

    • SSDEEP

      6144:Y98THz80vTxw8r3ycuQMv+pvtBc/X5v6jkeV:YakCTyC3ycuQMv0tyZ6j

    Score
    3/10
    behavioral3behavioral4

    • Target

      run/run.cmd

    • Size

      55B

    • MD5

      00df24498cc2da9bc3765421fb383f29

    • SHA1

      5bdd177dbd59f120b917e2dd59322ea1ddae41d8

    • SHA256

      90d2f244186244cd341407fb68fa3f0bb7d575369549acad0152371c420aa6e2

    • SHA512

      8d6f2011ef018361a309a667def47cd4f03d45779d38e5ebf7b93267d0ff803e42978e2634c345e3f60083f087b4a14e6fcfc8f543c85330cdb533b013bf5b6b

    Score
    10/10
    icedid607958445bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Loads dropped DLL

    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks