5883e6136289b226ebad8a6f15954120bc502e96185346ef21c2b84c02451833 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2024-04-10...id.exe

windows7-x64

7

2024-04-10...id.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_1d81dd7669bdec19e865a6863d1f0126_icedid
Size

726KB
Sample

240410-yhfzsshg62
MD5

1d81dd7669bdec19e865a6863d1f0126
SHA1

c9b61acbba325963dea4e2803534c78d58147a53
SHA256

5883e6136289b226ebad8a6f15954120bc502e96185346ef21c2b84c02451833
SHA512

d084d3ff5870952ded78096f8a139d4c8317a60c1e4678cb59bc68943741c0714af735e38266ceff717b3fdee34afdbcbda6e3f70653be5773fd25b2b406e890
SSDEEP

12288:BtK/HqVXJX3QDLp55w6BegzJ26otS3SoiMtCm4rHLdZCv98u+ciFb:BM1rw6X2L0WiCm4LGPG1

Score

9^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-10_1d81dd7669bdec19e865a6863d1f0126_icedid.exe

Resource

win7-20240221-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-10_1d81dd7669bdec19e865a6863d1f0126_icedid.exe

Resource

win10v2004-20240226-en

spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-10_1d81dd7669bdec19e865a6863d1f0126_icedid
- Size
  
  726KB
- MD5
  
  1d81dd7669bdec19e865a6863d1f0126
- SHA1
  
  c9b61acbba325963dea4e2803534c78d58147a53
- SHA256
  
  5883e6136289b226ebad8a6f15954120bc502e96185346ef21c2b84c02451833
- SHA512
  
  d084d3ff5870952ded78096f8a139d4c8317a60c1e4678cb59bc68943741c0714af735e38266ceff717b3fdee34afdbcbda6e3f70653be5773fd25b2b406e890
- SSDEEP
  
  12288:BtK/HqVXJX3QDLp55w6BegzJ26otS3SoiMtCm4rHLdZCv98u+ciFb:BM1rw6X2L0WiCm4LGPG1
Score

9^/10

spyware stealer
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy