Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid
-
Size
4.0MB
-
Sample
240416-vzhm6sga58
-
MD5
d5bfe20d5faf0e1fd21352cd5c301705
-
SHA1
f70675c9e3449931763e02473859e81f5dfa42a4
-
SHA256
990c0d4c483f48ab674323f2af077520ec1e2d572eff6aa6cf683788fda462d4
-
SHA512
ffd08c9027134f5cd3f025a283a76b812ae4f9079d77e563a21cb3338a4b19a18a9e92b9d0b198852962fa5eb648a081eb01c3205acb8c1e6e363d07aead7aa8
-
SSDEEP
12288:p1V5z4orgIEI2Q/Q1PoZx+BC+ZbXIrW0iI:pJzLEIR3H+uW0iI
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-04-16_d5bfe20d5faf0e1fd21352cd5c301705_icedid
-
Size
4.0MB
-
MD5
d5bfe20d5faf0e1fd21352cd5c301705
-
SHA1
f70675c9e3449931763e02473859e81f5dfa42a4
-
SHA256
990c0d4c483f48ab674323f2af077520ec1e2d572eff6aa6cf683788fda462d4
-
SHA512
ffd08c9027134f5cd3f025a283a76b812ae4f9079d77e563a21cb3338a4b19a18a9e92b9d0b198852962fa5eb648a081eb01c3205acb8c1e6e363d07aead7aa8
-
SSDEEP
12288:p1V5z4orgIEI2Q/Q1PoZx+BC+ZbXIrW0iI:pJzLEIR3H+uW0iI
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
Detects executables packed with VMProtect.
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5