General
- Target: 2024-02-20_e57b09357493f4d128df11ffc4f03af6_hacktools_icedid_xiaoba
- Size: 3.4MB
- Sample: 240220-sp1d5aad8z
- MD5: e57b09357493f4d128df11ffc4f03af6
- SHA1: 718ae6def0f226483e14b983564fc3ba169b1521
- SHA256: 1d62c01569449c441f9cfc93a0e1a4461e52005d949415d324093bf2f0874f47
- SHA512: b9dde18daafc83d6dcd07d925b1b8d6278035bcc0b19663e9307c07a82fd5934ba8379ec73699865d558ea4cf9e658019d39a39d6aa202a82c0eeee3f8fc6066
- SSDEEP: 49152:kJKRWRwFxjSzSvlG4T47QYw0jtFJ3+BST1WMomJfZs30:b3jSzSlG4T47QYxjzIOWAJn
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2024-02-20_e57b09357493f4d128df11ffc4f03af6_hacktools_icedid_xiaoba.exe
- Resource: win7-20231129-en
Malware Config
- Extracted family: sality
- C2 / update URLs:
  - http://89.119.67.154/testo5/
  - http://kukutrustnet777.info/home.gif
  - http://kukutrustnet888.info/home.gif
  - http://kukutrustnet987.info/home.gif
Targets
Signatures
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (3)
    - Disable or Modify Tools (3)
  - Modify Registry (5)