f574f42aab3c9986f192fc75a434361e510f79ea526c08b886fba1f6c1af7a71 | Triage

Sharing

General

Target

2024-02-12_cceddb47dad13963ae2d664109b3f784_icedid
Size

1.4MB
Sample

240212-y4k6msdc44
MD5

cceddb47dad13963ae2d664109b3f784
SHA1

50e90f05c5d3da8d68a5b0e3749d3bf6068033d7
SHA256

f574f42aab3c9986f192fc75a434361e510f79ea526c08b886fba1f6c1af7a71
SHA512

a149ac7ed4ff4a6d77fe476be860c15c923e09ec078d8f96c0f9a4f9300d01b2f1ad136c112db1bcfac834c02e66999b29ea0cf318d8c32644f6c519d541e513
SSDEEP

24576:QDhCfuvRglazfWGhJtex/BQOi0jamJuwCTkfM2tqnq+:2hCftazfWoJtexpQn0jawHScMC+

Score

9^/10

evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  2024-02-12_cceddb47dad13963ae2d664109b3f784_icedid
- Size
  
  1.4MB
- MD5
  
  cceddb47dad13963ae2d664109b3f784
- SHA1
  
  50e90f05c5d3da8d68a5b0e3749d3bf6068033d7
- SHA256
  
  f574f42aab3c9986f192fc75a434361e510f79ea526c08b886fba1f6c1af7a71
- SHA512
  
  a149ac7ed4ff4a6d77fe476be860c15c923e09ec078d8f96c0f9a4f9300d01b2f1ad136c112db1bcfac834c02e66999b29ea0cf318d8c32644f6c519d541e513
- SSDEEP
  
  24576:QDhCfuvRglazfWGhJtex/BQOi0jamJuwCTkfM2tqnq+:2hCftazfWoJtexpQn0jawHScMC+
Score

9^/10

evasion spyware stealer trojan
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan