0ddfcd9f8b879e612c25ec2474cb4fc6d820b76a9585ff840789fad32bd690c2 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2024-04-18...id.exe

windows7-x64

7

2024-04-18...id.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-18_7cce2ca74a8b4b2f6ba963a0567b74dd_icedid
Size

713KB
Sample

240418-yscecseg2s
MD5

7cce2ca74a8b4b2f6ba963a0567b74dd
SHA1

716f78c945c23a43027c9e3fa6b7daaeab3ca7cf
SHA256

0ddfcd9f8b879e612c25ec2474cb4fc6d820b76a9585ff840789fad32bd690c2
SHA512

0aa20d822b642b8383fefa9bb5510ef0403cbb4af4d07701bf53b81e048fe9f75b883ac49a24b92c30483ec86da31b5cd755c1d4f483a108a7022dccb6128ded
SSDEEP

12288:UjHFEdlULc3NX3SZKM0uJZc0RyzQc+26oMCcUi1WEUldLVatSgVoRebI:U72g5bc0L2uCDLk8R

Score

9^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-18_7cce2ca74a8b4b2f6ba963a0567b74dd_icedid.exe

Resource

win7-20231129-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-18_7cce2ca74a8b4b2f6ba963a0567b74dd_icedid.exe

Resource

win10v2004-20240412-en

spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-18_7cce2ca74a8b4b2f6ba963a0567b74dd_icedid
- Size
  
  713KB
- MD5
  
  7cce2ca74a8b4b2f6ba963a0567b74dd
- SHA1
  
  716f78c945c23a43027c9e3fa6b7daaeab3ca7cf
- SHA256
  
  0ddfcd9f8b879e612c25ec2474cb4fc6d820b76a9585ff840789fad32bd690c2
- SHA512
  
  0aa20d822b642b8383fefa9bb5510ef0403cbb4af4d07701bf53b81e048fe9f75b883ac49a24b92c30483ec86da31b5cd755c1d4f483a108a7022dccb6128ded
- SSDEEP
  
  12288:UjHFEdlULc3NX3SZKM0uJZc0RyzQc+26oMCcUi1WEUldLVatSgVoRebI:U72g5bc0L2uCDLk8R
Score

9^/10

spyware stealer
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy