General
-
Target
IcecreamVideoEditorPro3.17.h.taiwebs.com.zip
-
Size
69.7MB
-
Sample
240329-3xj28acc7x
-
MD5
8ee8753b5a9c8504c185851be6d22840
-
SHA1
481a3a8279199b9bb335086ab3e814379d2998ae
-
SHA256
51eb9c64889408fb5d3ade288b46686fb3690c6887bace384f8576f10ef9587e
-
SHA512
63f39f709fb521090ea0456e5ec03093af126ad230b96a1e7a6c3600eac04144faa3b3ec99f55e315ed36dc28cb2520f787c66814bbb062a15d966eaa49b2931
-
SSDEEP
1572864:BN0SfV6aTUwj9VrOlkIICLP2dcsSvxmZbqwl7rLAQY24aafmOe:B+iVHTZRV9G+AxmZewxLyfmt
Malware Config
Targets
-
-
Target
IcecreamVideoEditorPro3.17.h.taiwebs.com.zip
-
Size
69.7MB
-
MD5
8ee8753b5a9c8504c185851be6d22840
-
SHA1
481a3a8279199b9bb335086ab3e814379d2998ae
-
SHA256
51eb9c64889408fb5d3ade288b46686fb3690c6887bace384f8576f10ef9587e
-
SHA512
63f39f709fb521090ea0456e5ec03093af126ad230b96a1e7a6c3600eac04144faa3b3ec99f55e315ed36dc28cb2520f787c66814bbb062a15d966eaa49b2931
-
SSDEEP
1572864:BN0SfV6aTUwj9VrOlkIICLP2dcsSvxmZbqwl7rLAQY24aafmOe:B+iVHTZRV9G+AxmZewxLyfmt
Score1/10 -
-
-
Target
Patch.exe
-
Size
917KB
-
MD5
e434437bbcfa95a0e809f2ab2d8d4b05
-
SHA1
304774b335b987979157c9c69b17caf6ac9de059
-
SHA256
05732b23340450e6e58ffe3964b0c7581987b8fbe69999e2e772918babab38f6
-
SHA512
5d08e51c57cc1178bd0f2928c4deaebd967d2772d4b25b2b1fc726bedcbfbe92107d3426c00dba22289a81b877628d01e3bd5091570190ba8472ff0ab324e3ca
-
SSDEEP
24576:tcKS/DI6xofeQoYRbWW9UQkTLzKyvFMOQ49Ve:qM2ofnoObJo9V
Score10/10-
GoldDragon
GoldDragon is a second-stage backdoor attributed to Kimsuky.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
Icecream Video Editor Pro 3.17 Multilingual/video_editor_setup.exe
-
Size
69.0MB
-
MD5
c12e8a3bf193761868dd5319882988ab
-
SHA1
8032f1de9dfc3d97b00f60ca2d71e849323809f1
-
SHA256
5ecc3788aae277215f073973999b46a04dea04a30f3f5e62b6db0643eff42963
-
SHA512
025b79d672eeaea92128e798a273fccb04dd33e021755e4eb06bef14266fbae0abf3f3d2ce6de64bebc53a5094947dac120a044b979ed19c2c9e457c1a514600
-
SSDEEP
1572864:vcvu1/X53E/MVlc+nCrvVCn0SRi/MfnP00cFVLPAtuxrTlAAPk6V/xkMGo:EGH0/MtmvVoFRiYUFVcWTlZPkKiMGo
Score4/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1