General

  • Target

    2024-03-27_890ccdd953ad624f557516c5f94ef5ec_icedid

  • Size

    2.0MB

  • Sample

    240327-w3pfkahg49

  • MD5

    890ccdd953ad624f557516c5f94ef5ec

  • SHA1

    0137cd95c0cfbb4ea2659253b13f781a980914c0

  • SHA256

    d61b83ccbe8a440efc227f483a6a67000d7fb671b4c38227a2068fa4e5528e23

  • SHA512

    c7ce61f6ebb9b77d0ea5e63be869b9528e34d3c8add9ee34464d1f8f12b7f8a92d9a27fe3d3bbe70d680040f0fab909efdfb7e3e72425db2390d96c80616b11a

  • SSDEEP

    49152:vnsHyjtk2MYC5GDuTq24GjdGS9hWb2J3Y2p9tGk5fA:vnsmtk2aeEjdGSGb2Jo2b75fA

Score
10/10

Malware Config

Targets

    • Target

      2024-03-27_890ccdd953ad624f557516c5f94ef5ec_icedid

    • Size

      2.0MB

    • MD5

      890ccdd953ad624f557516c5f94ef5ec

    • SHA1

      0137cd95c0cfbb4ea2659253b13f781a980914c0

    • SHA256

      d61b83ccbe8a440efc227f483a6a67000d7fb671b4c38227a2068fa4e5528e23

    • SHA512

      c7ce61f6ebb9b77d0ea5e63be869b9528e34d3c8add9ee34464d1f8f12b7f8a92d9a27fe3d3bbe70d680040f0fab909efdfb7e3e72425db2390d96c80616b11a

    • SSDEEP

      49152:vnsHyjtk2MYC5GDuTq24GjdGS9hWb2J3Y2p9tGk5fA:vnsmtk2aeEjdGSGb2Jo2b75fA

    Score
    9/10
    • Detects Windows executables referencing non-Windows User-Agents

    • Detects executables (downloaders) containing URLs to raw contents of a paste

    • Detects executables containing Discord URLs observed in first-stage droppers

    • Detects executables manipulated with Fody

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
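
To make the listed signatures concrete, the following is an added Python example that re-implements simplified versions of several of them. It is not the sandbox's own rule logic and not code from the sample: the string patterns, the constructed PE-like byte buffer, the simplified registry-event format and the process name `stage2.exe` are all assumptions made here for illustration. The static part extracts ASCII and UTF-16LE strings the way `strings` would and matches the User-Agent, paste-raw-URL, Discord-URL and Fody/Costura heuristics; the behavioural part flags the country-code lookup (`HKCU\Control Panel\International\Geo\Nation`) and the Run-key write over a few constructed registry events.

```python
"""Simplified re-implementation of a few sandbox heuristics (added example).

Not the sandbox's signatures and not the sample's code; the regexes, the
sample buffer and the event format below are constructed for illustration.
"""
from __future__ import annotations

import re

# --- static heuristics over extracted strings --------------------------------

ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")          # printable ASCII runs
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # UTF-16LE runs (ch, NUL)

# Approximations of the page's signature names; real rules are broader.
STATIC_RULES = [
    ("non_windows_user_agent",
     re.compile(r"User-Agent:\s*(?:curl|Wget|python-requests|Go-http-client|Java)/", re.I)),
    ("paste_raw_url",
     re.compile(r"https?://(?:pastebin\.com/raw/|paste\.ee/r/|rentry\.co/[^/\s]+/raw)", re.I)),
    ("discord_url",
     re.compile(r"https?://(?:cdn\.discord(?:app)?\.com/attachments/|discord\.com/api/webhooks/)", re.I)),
    ("fody_costura",                                 # Costura/Fody embeds assemblies as resources
     re.compile(r"costura\.|FodyWeavers|AssemblyLoader", re.I)),
]


def extract_strings(data: bytes) -> list[str]:
    """Return ASCII and UTF-16LE strings of 6+ characters, like `strings -a -e l`."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in WIDE_RE.finditer(data)]
    return found


def static_scan(data: bytes) -> dict[str, list[str]]:
    """Map rule name -> matching strings. Only PE files (MZ header) are scanned."""
    if data[:2] != b"MZ":
        return {}
    hits: dict[str, list[str]] = {}
    for s in extract_strings(data):
        for name, rx in STATIC_RULES:
            if rx.search(s):
                hits.setdefault(name, []).append(s)
    return hits


# --- behavioural heuristics over registry events ------------------------------

# Value under HKCU\Control Panel\International\Geo holding the GeoID (e.g. 244 = US).
GEO_KEY = "\\control panel\\international\\geo"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"


def behavioral_scan(events: list[str]) -> list[tuple[str, str]]:
    """Events are constructed 'op | process | key | value' lines (not a real log format).

    Returns (rule, process) pairs for geofence lookups and Run-key persistence.
    """
    findings = []
    for ev in events:
        op, proc, key, value = [p.strip() for p in ev.split("|")]
        k = key.lower()
        if op == "RegQueryValue" and k.endswith(GEO_KEY) and value.lower() == "nation":
            findings.append(("checks_computer_location", proc))
        if op == "RegSetValue" and k.endswith(RUN_KEY):
            findings.append(("adds_run_key", proc))
    return findings


# Constructed PE-like buffer: MZ header, then strings separated by double NULs
# so ASCII and wide runs do not bleed into each other. Not the real sample.
SAMPLE = b"\x00\x00".join([
    b"MZ\x90\x00" + b"\x00" * 60,
    b"User-Agent: curl/7.88.1",
    "https://pastebin.com/raw/EXAMPLE0".encode("utf-16le"),
    b"costura.metadata",
    b"https://cdn.discordapp.com/attachments/1/2/stage2.bin",
])

# Constructed registry events; process name is an assumption.
EVENTS = [
    "RegQueryValue | stage2.exe | HKCU\\Control Panel\\International\\Geo | Nation",
    "RegQueryValue | stage2.exe | HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion | ProductName",
    "RegSetValue | stage2.exe | HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run | Updater",
]

if __name__ == "__main__":
    for rule, strings in static_scan(SAMPLE).items():
        print(f"[static] {rule}: {strings}")
    for rule, proc in behavioral_scan(EVENTS):
        print(f"[behaviour] {rule}: {proc}")
```

The paste and Discord rules also cover the "legitimate hosting services abused" signature: both match the hosting URL pattern, not the provider as such, so a benign tool that embeds a webhook URL will trigger them too, which is why they are scored as indicators rather than as a verdict on their own. Extracting UTF-16LE strings matters for .NET droppers, where most string literals are stored wide and an ASCII-only scan misses them.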

MITRE ATT&CK Enterprise v15

Tasks