Overview

overview

10

Static

static

10

core.bat

windows7-x64

5

core.bat

windows10-2004-x64

10

vessel-64.dll

windows7-x64

5

vessel-64.dll

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_660effaf33e85bc19be61ab5cfa64fc187bc9902317c292770a5a18683b000ed

  • Size

    4.1MB

  • Sample

    241222-asnwdsvrgx

  • MD5

    c790bf1bd8420e2deb566231306b99ce

  • SHA1

    a8272fe150185bbb74ef087a1727c5842e3859fa

  • SHA256

    660effaf33e85bc19be61ab5cfa64fc187bc9902317c292770a5a18683b000ed

  • SHA512

    3aaec32118565336be00992ccd1257a454d5bca9c3e7bf8b8667ec025ee1bb8d6d89420bad145e28b0b98f7836691c902ac338154f2edb2d13343c7765b50e5c

  • SSDEEP

    98304:PjnJe1/rNbVTknPhFxzLEhLfHToBwpSOXCU4Xn1lYrVqJefaT:zerNJQjxzODzJSOz4XncrVqJUaT

Score
10/10
icedid1820688957bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

1820688957

C2

timerework.fun

pexxota.space
Attributes
  • auth_var

    6

  • url_path

    /news/

Targets

    • Target

      core.bat

    • Size

      186B

    • MD5

      c69400616b3e6ff4875c8322f7ef0ed1

    • SHA1

      da112c52c72f50a64ff4aabcec17f5f3c16c5148

    • SHA256

      d6e0649ba38b6acbd75fd06d34cbe332220c4b6d7d774afceaa2816a6bd8ba68

    • SHA512

      2c61b0c6578eb8306da959ad329723902469a07418b2ea80a93f330f59ce757c0d660b7ae915d6d14735e6557b324668c6fd1af9cc0da866cc139fc35e5df0f9

    Score
    10/10
    icedid1820688957bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Icedid family

      icedid

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      vessel-64.dat

    • Size

      4.5MB

    • MD5

      6d912f3cb045cfce88c96f0da2addf3b

    • SHA1

      52286ca71ac4239c5e2faad25e569f83ca4b35ee

    • SHA256

      7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7

    • SHA512

      e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd

    • SSDEEP

      98304:/vmHkq1lvap8NePY/WHFUKKBKjIYm3kjQDmwljY6uL4p:WH51lvNePoWuKKMkYxWmwljluUp

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks