General
-
Target
JaffaCakes118_9e254e8136832a2c2a450992f7f8e68e3c19b697ff97095dd020650df8ca48f0
-
Size
152KB
-
Sample
241223-xftbnsxngt
-
MD5
9c68b0ebe38aafd28d826044d74c9ca7
-
SHA1
a452eda40e7f40942b5827466e681667a887fd09
-
SHA256
9e254e8136832a2c2a450992f7f8e68e3c19b697ff97095dd020650df8ca48f0
-
SHA512
2e16dca78f25c00aeee2b63f3f0dd8a6ea809a4eaa088fd7abaf23a343a8e12e93dcdb862cfc5a32ea84321289168dcae5e35956512cd58f0506fcda5a63ebcf
-
SSDEEP
3072:oMtO3c2PuzVMnKvenIfrNjYxcqKwsZBvznlXTwm6gqIRPLz0qd:oMt25PuhMOXf5jYxcQsjLnlXf6gqoLz5
Static task
static1
Behavioral task
behavioral1
Sample
core 2/cmd.bat
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
core 2/cmd.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
core 2/flush-32.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
core 2/flush-32.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
icedid
3501025339
wokitoki.top
selenaserena.today
compozitiminass.top
dakestoci.top
-
auth_var
1
-
url_path
/news/
Targets
-
-
Target
core 2/cmd.bat
-
Size
188B
-
MD5
bd1b70c8c1bfd69c1eef4b5e331f1286
-
SHA1
d05ab643ab2d8920b361ff92607bec051a5c494b
-
SHA256
4aff5f8cea0cd666039dcad0f6b343e1ad5aa9903d8cb76eed98d423d051f58e
-
SHA512
8f1f07e0f8f02b54ec6bcc6cda58b41464a7b7ac5c3392dd03635fcebbd3fd231e758f187861f037224abde4755faa1ab7cb627ec43e582f693a877f852949f2
Score 1/10 -
-
-
Target
core 2/flush-32.dat
-
Size
36KB
-
MD5
7cec6a569641cccd49feaf7da98f357f
-
SHA1
8ebb0931fc902d96a962f394fd567a2d170308eb
-
SHA256
6afab1b1ef967ae3065a39108da0bea76ae88ae4a893d8106dabe679d96a51b4
-
SHA512
40f2b37bdbec174ae13f9d010c596d734cef0ba5d1efa94d08a0eef9f1c171cb0e1cac23d17b42c4f90341d78ea508cc7ab6a63bbd8185bb98eb4b33a3207d38
-
SSDEEP
384:s+d2+yoP2mwZOYgDZ02EQixOai3eqclA1uu6lA0vg62RRF8uRRd:s+d/DtPDZ0kix9i3ey1d6r46wP9L
Score 10/10 -
IcedID family
-