General
-
Target
2024-04-23_10c3cb22ef88829ead39183ac57fc434_icedid
-
Size
1.1MB
-
Sample
240423-fc14nsdc27
-
MD5
10c3cb22ef88829ead39183ac57fc434
-
SHA1
a93acf5d4d71b7f79eb3ebb90f5062973e3752f5
-
SHA256
595d33b6d731c1087e6323434d292e812c1833f0f0c5eaa43167573f422c37a8
-
SHA512
67817013e79bd5a159902c3c03cd00aac40100910aa705fc0c96603883377ca9fa623ec333b719add0a615c0a9f80d70923842d8fc1cb14cb635cf964cbc986f
-
SSDEEP
24576:QZT2K+zRJsT1DQzICqs4DJcahFVpdCX/xXudzc:M27RJeDQzICqLJcEVdCX/xQzc
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-23_10c3cb22ef88829ead39183ac57fc434_icedid.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-04-23_10c3cb22ef88829ead39183ac57fc434_icedid
-
Size
1.1MB
-
MD5
10c3cb22ef88829ead39183ac57fc434
-
SHA1
a93acf5d4d71b7f79eb3ebb90f5062973e3752f5
-
SHA256
595d33b6d731c1087e6323434d292e812c1833f0f0c5eaa43167573f422c37a8
-
SHA512
67817013e79bd5a159902c3c03cd00aac40100910aa705fc0c96603883377ca9fa623ec333b719add0a615c0a9f80d70923842d8fc1cb14cb635cf964cbc986f
-
SSDEEP
24576:QZT2K+zRJsT1DQzICqs4DJcahFVpdCX/xXudzc:M27RJeDQzICqLJcEVdCX/xQzc
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3