Extracted

• • Target

    2023-08-26_2531d96393695a4a2c1258f0c0d9f4c3_icedid_JC.exe

  • Size

    437KB

  • MD5

    2531d96393695a4a2c1258f0c0d9f4c3

  • SHA1

    8539e32dd4fee240471a189372aa1420ce7c67dc

  • SHA256

    9ab36e49c71327684708541a2664ffdd1bdf5ceba5600e3b3b0c0169342f8158

  • SHA512

    8fc51efc3ee6c9287540d666c86a7f82c8fc564714f17fdea3a98c5aa0f9162c3338e918f99a45f8b83bff55b77a0d925977524f96bc6b2eff5753cdea939a71

  • SSDEEP

    6144:NsYQXsnUVx4ZXvQShdciXvbGLcqBG65tufv1Qp9A2+94juR1y93kxhLAdWWX4Kx0:NjndvQSrLXvbGIqBGr1m+917L79Kx0

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2