General
-
Target
2024-03-12_d259af6e74e4c55e0b8eaaa7cdff9a7d_hacktools_icedid_ramnit
-
Size
6.8MB
-
Sample
240312-mtaflsgh99
-
MD5
d259af6e74e4c55e0b8eaaa7cdff9a7d
-
SHA1
88d6348142c38e052930a2bfce848c724ca43dd8
-
SHA256
c2eb0cae917bf69908a3036fe204d6c51ff14ed1008a5c28bb24aec29e1c883c
-
SHA512
3cd73eaf0b54a592dda8da0208be078711a04fb7e26f60916d3494ffd316cf7f6d2dcce4d4c81ecd98c0831e9f4e04d873608b44dc919b2d664f5c13f4f8c7b5
-
SSDEEP
98304:vFBAKYJcvyjxnrAxPVpWP1bjVdcoaaMhnsmtk2a+2SVMD8a73TaMBLsvD/D+don4:sUe1vVbM9LXk73TJY7/A1Yc
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-12_d259af6e74e4c55e0b8eaaa7cdff9a7d_hacktools_icedid_ramnit.exe
Resource
win7-20240221-en
Malware Config
Targets
Target
2024-03-12_d259af6e74e4c55e0b8eaaa7cdff9a7d_hacktools_icedid_ramnit
-
Modifies firewall policy service
-
Ramnit family
-
Detects Windows executables referencing non-Windows User-Agents
-
UPX dump on OEP (original entry point)
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-