General
Target: 2024-02-18_450a676bdc15da9311285d8f53dc15d1_icedid
Size: 360KB
Sample: 240218-v7dn7adc94
MD5: 450a676bdc15da9311285d8f53dc15d1
SHA1: 3e1a37e54efc7bc05a912ccb171ba42d3c60c935
SHA256: 41ed194845fa4832c2441bd2921922fa87d37cb838771c12c6f61f17d601bed6
SHA512: 2ba660ff68c32d0c0f81896ea799a8970ba6bd0160961fba56ab5ceb6d037714789061d5552d4604d9fe1b849b9065caae4c2fa8e4ce778d0ed11495dbf42437
SSDEEP: 6144:E+WW5epjzXsDahlnQNWfbCEl5PHasRmB6ZVLBXDRXmshZU:RWWUpj7nQInhmcZVLnXDM
Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-18_450a676bdc15da9311285d8f53dc15d1_icedid.exe
Resource: win7-20240215-en
Malware Config
Extracted family: sality
C2 URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)