656317359d5c13c1575c6826896902d8026229bd66534e7d7fb650a0d5cb667d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_4808ed4094c80b86034179bd0c8037b1_icedid_JC.exe
Size

3.6MB
Sample

230923-rz1xzaac67
MD5

4808ed4094c80b86034179bd0c8037b1
SHA1

e533ba12999c4d3c47f5819936f0b57be759a4a2
SHA256

656317359d5c13c1575c6826896902d8026229bd66534e7d7fb650a0d5cb667d
SHA512

cc7b0b78ca1938ae8c163da4272cf2f90474643905302e87ccfc566ff0b5a493e00eca0aea0dc41e1d2d24aeb291f61efcd98f93ad210037839c8f3885868865
SSDEEP

98304:R8/II/rw/MDxhs6t/lgndLtqISJ0e/MB6hxvWbrtUTrUHO2/:R+LemJ0e/Mkx+NcIOW

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2023-08-26_4808ed4094c80b86034179bd0c8037b1_icedid_JC.exe
- Size
  
  3.6MB
- MD5
  
  4808ed4094c80b86034179bd0c8037b1
- SHA1
  
  e533ba12999c4d3c47f5819936f0b57be759a4a2
- SHA256
  
  656317359d5c13c1575c6826896902d8026229bd66534e7d7fb650a0d5cb667d
- SHA512
  
  cc7b0b78ca1938ae8c163da4272cf2f90474643905302e87ccfc566ff0b5a493e00eca0aea0dc41e1d2d24aeb291f61efcd98f93ad210037839c8f3885868865
- SSDEEP
  
  98304:R8/II/rw/MDxhs6t/lgndLtqISJ0e/MB6hxvWbrtUTrUHO2/:R+LemJ0e/Mkx+NcIOW
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2