20de03a98fffc2c36f3f8a75bb410f5e70895315489193c2513f6e9320742eae | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2024-04-21...id.exe

windows7-x64

7

2024-04-21...id.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_b529d506ed2415456f1192faa1023cdc_icedid
Size

716KB
Sample

240421-yyg7ssah24
MD5

b529d506ed2415456f1192faa1023cdc
SHA1

1648537664fbb1457dd514f79da8d0265d4248ea
SHA256

20de03a98fffc2c36f3f8a75bb410f5e70895315489193c2513f6e9320742eae
SHA512

eefa2c6131d17a9d5d2560753a97693255bfcd7f5bf8c87e1661a9f1c5008b899b2a716d62ea99f02864cda80780b72def53d2c9296d9fc5a9c1e704d2725511
SSDEEP

12288:LGEfEx9LX3EJnj4YGgJQZJ26WIiGkHqFSrx/RfYkSRyBCEiP9j1RRE/0:LGinGgY2YivqIrx/RtiP9BRRE

Score

9^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-21_b529d506ed2415456f1192faa1023cdc_icedid.exe

Resource

win7-20240220-en

spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-21_b529d506ed2415456f1192faa1023cdc_icedid.exe

Resource

win10v2004-20240412-en

spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-21_b529d506ed2415456f1192faa1023cdc_icedid
- Size
  
  716KB
- MD5
  
  b529d506ed2415456f1192faa1023cdc
- SHA1
  
  1648537664fbb1457dd514f79da8d0265d4248ea
- SHA256
  
  20de03a98fffc2c36f3f8a75bb410f5e70895315489193c2513f6e9320742eae
- SHA512
  
  eefa2c6131d17a9d5d2560753a97693255bfcd7f5bf8c87e1661a9f1c5008b899b2a716d62ea99f02864cda80780b72def53d2c9296d9fc5a9c1e704d2725511
- SSDEEP
  
  12288:LGEfEx9LX3EJnj4YGgJQZJ26WIiGkHqFSrx/RfYkSRyBCEiP9j1RRE/0:LGinGgY2YivqIrx/RtiP9BRRE
Score

9^/10

spyware stealer
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables containing possible sandbox analysis VM usernames
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy