General
-
Target
2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid
-
Size
4.9MB
-
Sample
240218-p1hrnsab3z
-
MD5
2ec0895c71868a80fe8e0405b0275442
-
SHA1
3f45e03beee6ebb9e755b2b9cd1fb4b5eee6fd79
-
SHA256
e7af1d76d39e4ad86ff5fb21b2661a86d75f93aab8fd8d1936114a89182d8415
-
SHA512
ad07ac18b4cba832fa6160dea1cff6b175f6d853f6d7f8e4e7de241a692610ff8905d44342d3eba46ac88e76dbb59d4d96c05613cbfcefe45dd0bfd8f561d9f2
-
SSDEEP
98304:CvupjjUTgy/BzudfnSzqAXC73H/zMkLskUdZI8TMqQOlOpPfyW4AOks:bjUTgFnSzv8MLnQOlO5fyLT
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid.exe
Resource
win7-20231215-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-02-18_2ec0895c71868a80fe8e0405b0275442_icedid
-
Size
4.9MB
-
MD5
2ec0895c71868a80fe8e0405b0275442
-
SHA1
3f45e03beee6ebb9e755b2b9cd1fb4b5eee6fd79
-
SHA256
e7af1d76d39e4ad86ff5fb21b2661a86d75f93aab8fd8d1936114a89182d8415
-
SHA512
ad07ac18b4cba832fa6160dea1cff6b175f6d853f6d7f8e4e7de241a692610ff8905d44342d3eba46ac88e76dbb59d4d96c05613cbfcefe45dd0bfd8f561d9f2
-
SSDEEP
98304:CvupjjUTgy/BzudfnSzqAXC73H/zMkLskUdZI8TMqQOlOpPfyW4AOks:bjUTgFnSzv8MLnQOlO5fyLT
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5