General
-
Target
2024-02-28_8e326a6ed246425c95e6c760619bf646_cobalt-strike_floxif_icedid
-
Size
830KB
-
Sample
240228-hc4wnsdd9t
-
MD5
8e326a6ed246425c95e6c760619bf646
-
SHA1
c67c4401ddac7f9d043d2cdfc95010183f66805a
-
SHA256
aafe297f6fc15192f36f7214b3aa893a2eac6f283ea5673673b2f1bf72adc337
-
SHA512
5dc933072350915bdb351f87d9c4c2d62cd3d34a1551c53d809f91f3d8fa180af54008955876dc1cab3eee8e84ea47bb10fc9fcc565125afbf126aa73b3cf1a7
-
SSDEEP
12288:DGlo/L9QuHJrwxXZsvqU1MapTQL00R1IitdG09apb5WCqBjvrEH7NKOt:4SQ+UXZnU1/psY0HIitY1p1WrEH7x
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-28_8e326a6ed246425c95e6c760619bf646_cobalt-strike_floxif_icedid.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-02-28_8e326a6ed246425c95e6c760619bf646_cobalt-strike_floxif_icedid
-
Size
830KB
-
MD5
8e326a6ed246425c95e6c760619bf646
-
SHA1
c67c4401ddac7f9d043d2cdfc95010183f66805a
-
SHA256
aafe297f6fc15192f36f7214b3aa893a2eac6f283ea5673673b2f1bf72adc337
-
SHA512
5dc933072350915bdb351f87d9c4c2d62cd3d34a1551c53d809f91f3d8fa180af54008955876dc1cab3eee8e84ea47bb10fc9fcc565125afbf126aa73b3cf1a7
-
SSDEEP
12288:DGlo/L9QuHJrwxXZsvqU1MapTQL00R1IitdG09apb5WCqBjvrEH7NKOt:4SQ+UXZnU1/psY0HIitY1p1WrEH7x
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Modifies AppInit DLL entries
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
6