General

  • Target

    2024-02-20_e57b09357493f4d128df11ffc4f03af6_hacktools_icedid_xiaoba

  • Size

    3.4MB

  • Sample

    240220-sp1d5aad8z

  • MD5

    e57b09357493f4d128df11ffc4f03af6

  • SHA1

    718ae6def0f226483e14b983564fc3ba169b1521

  • SHA256

    1d62c01569449c441f9cfc93a0e1a4461e52005d949415d324093bf2f0874f47

  • SHA512

    b9dde18daafc83d6dcd07d925b1b8d6278035bcc0b19663e9307c07a82fd5934ba8379ec73699865d558ea4cf9e658019d39a39d6aa202a82c0eeee3f8fc6066

  • SSDEEP

    49152:kJKRWRwFxjSzSvlG4T47QYw0jtFJ3+BST1WMomJfZs30:b3jSzSlG4T47QYxjzIOWAJn

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif
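The four C2 URLs above are the most directly actionable part of this report. The script below is an added example (not part of the sandbox output and not code from the Sality author) that turns them into host-level indicators and runs them over proxy log lines. The log lines and their layout ("timestamp client method url status") are constructed for the example, and the regex for kukutrustnetNNN.info is an assumption that generalises the three listed domains; pattern hits are reported at lower confidence than exact-host hits.

```python
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Assumption (not stated in the report): sibling C2 domains follow the
# kukutrustnet<3 digits>.info shape. Hits on this regex are lower confidence.
C2_HOST_PATTERN = re.compile(r"^kukutrustnet\d{3}\.info$")


def c2_hosts(urls=C2_URLS):
    """Lower-cased hostnames (IP literal or domain) from the C2 URL list."""
    return {urlparse(u).hostname.lower() for u in urls}


def classify_url(url, hosts=None):
    """Return 'exact', 'pattern' or None for a URL observed in traffic.

    Matching is on the full hostname, so kukutrustnet777.info.example.net
    does not match: a substring check would have produced a false positive.
    """
    hosts = c2_hosts() if hosts is None else hosts
    host = (urlparse(url).hostname or "").lower()
    if host in hosts:
        return "exact"
    if C2_HOST_PATTERN.match(host):
        return "pattern"
    return None


# Constructed proxy log (not from the report). Assumed line layout:
# "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-02-20T10:01:02Z 10.0.0.5 GET http://www.example.com/ 200
2024-02-20T10:01:09Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404
2024-02-20T10:01:10Z 10.0.0.7 GET http://KUKUTRUSTNET888.INFO/home.gif 503
2024-02-20T10:01:11Z 10.0.0.7 GET http://kukutrustnet999.info/home.gif 503
2024-02-20T10:02:30Z 10.0.0.9 GET http://kukutrustnet777.info.example.net/x 200
"""


def scan_proxy_log(text):
    """Return (timestamp, client_ip, url, confidence) for every line whose
    URL host is an exact C2 host or matches the hypothetical domain pattern."""
    hosts = c2_hosts()
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the scan
        ts, client, _method, url, _status = fields[:5]
        confidence = classify_url(url, hosts)
        if confidence:
            hits.append((ts, client, url, confidence))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
```

Note that the HTTP status of a hit is irrelevant for triage: a 404 or 503 from the C2 still proves the infected client tried to beacon, so the client IP (10.0.0.7 in the constructed log) is what gets escalated.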

Targets

    • Target

      2024-02-20_e57b09357493f4d128df11ffc4f03af6_hacktools_icedid_xiaoba

    • Size

      3.4MB

    • MD5

      e57b09357493f4d128df11ffc4f03af6

    • SHA1

      718ae6def0f226483e14b983564fc3ba169b1521

    • SHA256

      1d62c01569449c441f9cfc93a0e1a4461e52005d949415d324093bf2f0874f47

    • SHA512

      b9dde18daafc83d6dcd07d925b1b8d6278035bcc0b19663e9307c07a82fd5934ba8379ec73699865d558ea4cf9e658019d39a39d6aa202a82c0eeee3f8fc6066

    • SSDEEP

      49152:kJKRWRwFxjSzSvlG4T47QYw0jtFJ3+BST1WMomJfZs30:b3jSzSlG4T47QYxjzIOWAJn

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
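Several of the signatures above (UAC bypass, Modifies firewall policy service, Windows security modification) describe registry writes, and the "Checks whether UAC is enabled" signature describes a read of the same UAC value. The script below is an added example, not part of the sandbox report, that runs a small rule set over Sysmon-style registry "value set" events (Event ID 13) to flag those writes on a host. The event lines are constructed for the example; the registry value names (EnableLUA, the per-profile EnableFirewall value under FirewallPolicy, and Windows Defender's DisableAntiSpyware policy) are the analyst's assumption about which keys these signatures refer to, since the report does not name them.

```python
import json
import re

# Constructed Sysmon-style events (Event ID 13, one JSON object per line).
# Not from the report: field names follow Sysmon's schema, values are made up.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Classes\\Local Settings\\MuiCache", "Details": "notepad.exe"}
{"EventID": 13, "Image": "C:\\Users\\user\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "Image": "C:\\Users\\user\\sample.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall", "Details": "DWORD (0x00000000)"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall", "Details": "DWORD (0x00000001)"}
"""

# Sysmon renders DWORD values as "DWORD (0x00000000)"; pull the hex out.
DWORD_RE = re.compile(r"0x([0-9A-Fa-f]+)")


def dword(details):
    """Decode a Sysmon DWORD rendering to an int, or None for non-DWORD data."""
    m = DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


# (rule name, regex over TargetObject, predicate on the decoded DWORD).
# Assumption: these keys are what the report's UAC / firewall / security
# modification signatures most plausibly refer to; the report does not say.
RULES = [
    ("uac_disabled",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     lambda v: v == 0),
    ("firewall_profile_disabled",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\[^\\]+\\EnableFirewall$", re.I),
     lambda v: v == 0),
    ("defender_disabled",
     re.compile(r"\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$", re.I),
     lambda v: v == 1),
]


def detect(events_text):
    """Return (rule, image, target) for each value-set event that matches a rule."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 13:
            continue  # only registry value-set events carry the written data
        target = ev.get("TargetObject", "")
        value = dword(ev.get("Details"))
        for name, pattern, is_bad in RULES:
            if pattern.search(target) and value is not None and is_bad(value):
                findings.append((name, ev.get("Image"), target))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

Two caveats apply on a real host. Sysmon records registry writes, not reads, so the "Checks whether UAC is enabled" behaviour leaves no registry event; the write of EnableLUA to 0 is what the rule catches, and that change only takes effect after a reboot. The svchost.exe event in the constructed data writes EnableFirewall back to 1 and is correctly not flagged: the rule matches on the written value, not merely on the key being touched.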

MITRE ATT&CK Enterprise v15

Tasks