Overview

overview

10

Static

static

10

e597b161cf...af.exe

windows7-x64

10

e597b161cf...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ac394ddbf23133627ffd200704a247e.bin

  • Size

    1.8MB

  • MD5

    779db7a2d646557891a2d6bf5b1dd441

  • SHA1

    745ead7a28fa33e9379181be64989ef9696ceb96

  • SHA256

    698a0dae88f839dd932587eaee64d459176659f3afe2ebd9c81f69162b18fd37

  • SHA512

    24a97ceff4313c8c0430452600f7acedbe4cdfc23a266572d4c9da4e535ea4bdc61478cbb19050ce580077f8d0a09d5b5d5505e453824cfe7657edc1cc251678

  • SSDEEP

    49152:wA7hfFVwCuWXiV4NxJ3glOrVCsi/WVqnnMOoKXIfOHqd:T7S2NDglMVCNxnRDguqd

Score
10/10
minerdropperbackdoorloadermatiexteardropicedid

Malware Config

Extracted

Family

icedid

Signatures

  • Detected TEARDROP fileless dropper 1 IoCs

    TEARDROP is a memory-only dropper which can read files/registry keys, decode an embedded payload, and load it directly into memory.

    dropperbackdoor
  • Icedid family
    icedid
  • Matiex Main payload 1 IoCs
  • Matiex family
    matiex
  • Teardrop family
    teardrop
  • Detectes Phoenix Miner Payload 1 IoCs
    miner

Files

  • 1ac394ddbf23133627ffd200704a247e.bin
    .zip

    Password: infected

  • e597b161cf2d643c4e579ef238ca111d23efd5d8a832f1be0fd8b0dae78ec0af.exe
    .exe .js windows x86

    Password: infected