icedid | a43e9d152796855e2d736ddfa8f65332ae1b4b8be8cd6592ecef9c9ab9ca2394 | Triage

Sharing

General

Target

JaffaCakes118_a43e9d152796855e2d736ddfa8f65332ae1b4b8be8cd6592ecef9c9ab9ca2394
Size

4.1MB
Sample

241222-b2t97syjgq
MD5

ad62d5bf261595d995a5cae07bbcf268
SHA1

9d1832e666258c19de888a16b228bd50d4007497
SHA256

a43e9d152796855e2d736ddfa8f65332ae1b4b8be8cd6592ecef9c9ab9ca2394
SHA512

e6e7cfd5e264c0683b4c9a61abfa677082ab4bc6032c8c6f343f1ad87612212567cb074bd61c2ded8ecc4a985dfcd496ab26a60c3610358dad1aa6f1c1a4c869
SSDEEP

98304:GjnJej/rNbVTknPhFxzLEhLfHToBwpSOXCU4Xn1lYrVqJefaa:kwrNJQjxzODzJSOz4XncrVqJUaa

Score

10^/10

icedid 1820688957 core_loader

Malware Config

Extracted

Family

icedid

Botnet

1820688957

C2

timerework.fun

pexxota.space

Attributes

auth_var
6
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  116B
- MD5
  
  f5b21b76543e9d9e0266907eba908086
- SHA1
  
  cc36e63f29e87b8fb761cb522e5dcf67260ede59
- SHA256
  
  12798db160501db81306c6cca0ab2304a1b7222da6ec99f0ccbdb67dcf442660
- SHA512
  
  6908cf93c848c4f4a1ade20bbba17e8f0e7af788d8d2de342b56dcee240f03ab88aeb4cb453fb3630bb885bac701e48e0cbcc721e393acef41cb163eaadb0ab3
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  vessel-64.dat
- Size
  
  4.5MB
- MD5
  
  6d912f3cb045cfce88c96f0da2addf3b
- SHA1
  
  52286ca71ac4239c5e2faad25e569f83ca4b35ee
- SHA256
  
  7051f30a6b9c7826f017faf69fe52c6e28c71af1ef5e1dbaae9c6f8a885019a7
- SHA512
  
  e22e4b89a9f7f659d89949b18df93c24087eaffe7e1399d8ca9eaff3a941fa3e2c4945dea03ffa3fb087ffcaa30c9d16bd29ecc7e158b9e5e4c5eccd530312cd
- SSDEEP
  
  98304:/vmHkq1lvap8NePY/WHFUKKBKjIYm3kjQDmwljY6uL4p:WH51lvNePoWuKKMkYxWmwljluUp
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

core_loader1820688957icedid

behavioral1

behavioral2

behavioral3

behavioral4