31118630b521b739250af9cb32b519a6127df0ebb1a6f70a1492d175e6ac849c | Triage

Sharing

General

Target

2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid
Size

4.1MB
Sample

240212-w5q26scf22
MD5

e0473283a4e3a1431b302bb025944b84
SHA1

442816970107fafc4c68ad17cbe07df56eafcfa5
SHA256

31118630b521b739250af9cb32b519a6127df0ebb1a6f70a1492d175e6ac849c
SHA512

e0c43ced37aa8214f533c520e8932ef3b0b89319910b66bee7667e84f0098131ef107eebfc316037eb8e7707c52a731c3006d8d5b7e14174a067795ad90d3577
SSDEEP

98304:iLhySmXjjnsNPWWTPZA67aVo1N6hxvWbrtUTrUHO23:Uy9nsNfZA67ay1wx+NcIOA

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid
- Size
  
  4.1MB
- MD5
  
  e0473283a4e3a1431b302bb025944b84
- SHA1
  
  442816970107fafc4c68ad17cbe07df56eafcfa5
- SHA256
  
  31118630b521b739250af9cb32b519a6127df0ebb1a6f70a1492d175e6ac849c
- SHA512
  
  e0c43ced37aa8214f533c520e8932ef3b0b89319910b66bee7667e84f0098131ef107eebfc316037eb8e7707c52a731c3006d8d5b7e14174a067795ad90d3577
- SSDEEP
  
  98304:iLhySmXjjnsNPWWTPZA67aVo1N6hxvWbrtUTrUHO23:Uy9nsNfZA67ay1wx+NcIOA
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2