General

  • Target

    40group.tiff

  • Size

    380KB

  • Sample

    230512-az7bbaba96

  • MD5

    f59b3c50d97fe7fa58001c345cbea37e

  • SHA1

    0e4c394560faf7853bcd9d51b7c959f0a093eb74

  • SHA256

    8d5d36c8ffb0a9c81b145aa40c1ff3475702fb0b5f9e08e0577bdc405087e635

  • SHA512

    257fb961278b6ac0a399f8e16d7cd7219388010982bb3183cb3c21c5b691a78ae15098b5958e31a385d3ff0b0d35050d72202d70e46e9becdbe830b662994a65

  • SSDEEP

    6144:gfmMGxnAR50hXwLhF0l2LF7PWbPINovTnJtKa6hVN:GmMGxAR5xLFQL6/N

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    548174735

  • C2

    magnwnce.com
    corposted.com
    presifered.com
    coujtried.com
    molinaro.top
    amongolia.com
    jjanuatu.com

  • Attributes

    • auth_var

      3

    • url_path

      /index.php
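
The extracted config above is most useful once it is turned into checks an analyst can run. The following is an added example, not part of the sandbox report: it copies the family, botnet ID, C2 domains, url_path and SHA256 from the report into a small Python module that (a) flags proxy-log lines touching a C2 domain or one of its subdomains, distinguishing a request to the configured url_path from any other contact, and (b) verifies a downloaded sample against the reported SHA256 and checks whether its magic bytes actually match the .tiff extension. The proxy log format, the log lines and the file bytes are constructed here and are assumptions, not data from the report.

```python
"""IOC checks built from the extracted IcedID config in the report above.

Added example, not part of the sandbox report. Config values are copied from
the report's "Malware Config" section; log lines and file bytes are constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Values copied from the report.
ICEDID_CONFIG = {
    "family": "icedid",
    "botnet": "548174735",
    "c2": [
        "magnwnce.com", "corposted.com", "presifered.com", "coujtried.com",
        "molinaro.top", "amongolia.com", "jjanuatu.com",
    ],
    "url_path": "/index.php",
}
REPORT_SHA256 = "8d5d36c8ffb0a9c81b145aa40c1ff3475702fb0b5f9e08e0577bdc405087e635"


def host_matches_c2(host, c2_domains=ICEDID_CONFIG["c2"]):
    """True if host equals a C2 domain or is a subdomain of one (case-insensitive).
    Suffix matching is anchored on the dot so 'notmagnwnce.com' does not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in c2_domains)


# Assumed (constructed) proxy log format: "<ts> <src_ip> <METHOD> <url> <status>"
PROXY_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Return (src_ip, host, path, verdict) for each line that contacts a C2 domain.
    verdict is 'c2_checkin' when the request path is the configured url_path,
    otherwise 'c2_contact'. Malformed lines are skipped, not treated as errors."""
    hits = []
    for line in lines:
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m["url"])
        host = parts.hostname or ""
        if not host_matches_c2(host):
            continue
        verdict = "c2_checkin" if parts.path == ICEDID_CONFIG["url_path"] else "c2_contact"
        hits.append((m["src"], host, parts.path, verdict))
    return hits


def check_sample(data, expected_sha256=REPORT_SHA256):
    """Verify sample bytes against the report: does the SHA256 match, and do the
    magic bytes look like the TIFF the filename claims, or like a PE instead."""
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256_matches_report": sha256 == expected_sha256,
        "looks_like_tiff": data[:4] in (b"II*\x00", b"MM\x00*"),
        "looks_like_pe": data[:2] == b"MZ",
    }


if __name__ == "__main__":
    # Constructed log lines, not from the report.
    sample_log = [
        "2023-05-12T10:01:02Z 10.0.0.15 GET http://magnwnce.com/index.php 200",
        "2023-05-12T10:01:05Z 10.0.0.15 GET http://cdn.corposted.com/favicon.ico 404",
        "2023-05-12T10:01:09Z 10.0.0.22 GET http://example.com/index.php 200",
        "not a log line",
    ]
    for hit in scan_proxy_log(sample_log):
        print(hit)
    # Constructed bytes: a PE-style header under a .tiff name fails the TIFF check.
    print(check_sample(b"MZ" + b"\x00" * 62))
```

A hit on a C2 host with the exact url_path is worth treating as a check-in rather than a stray DNS or favicon fetch; the magic-byte check is the quickest way to confirm that a file named like an image is not one before handing it to an image parser.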

Targets

    • Target

      40group.tiff

    • Size

      380KB

    • MD5, SHA1, SHA256, SHA512, SSDEEP

      as listed under General above

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix

Tasks