c0275ef884f252d337755c4ade37f06698271e40f3efab76f336631cb58b2b05 | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-25...id.exe

windows7-x64

9

2024-04-25...id.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-25_24c591db8fbdcaab94619d559d2fdd1d_floxif_icedid
Size

3.8MB
Sample

240425-f4qf9agb5v
MD5

24c591db8fbdcaab94619d559d2fdd1d
SHA1

4d38d2e9f8873b328e11ce02d6361f240a76cc6f
SHA256

c0275ef884f252d337755c4ade37f06698271e40f3efab76f336631cb58b2b05
SHA512

f0428a67043f30fa0a10a5daf8bd0d6f544fd7b357c6029b50b839e79e973031a1d3794300d26d6a707c8899accb206efc4c8d7b247dbb0d1273db71b2f5957d
SSDEEP

49152:o7xxwJR4Xxo69sJPBeqMoFd/nEpw1ywgjKjQ2Pk1IiG17n8TPj:o70jMy69ueq/PX1yw2l2Pkfkb8TL

Score

10^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-04-25_24c591db8fbdcaab94619d559d2fdd1d_floxif_icedid.exe

Resource

win7-20231129-en

adware persistence stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-25_24c591db8fbdcaab94619d559d2fdd1d_floxif_icedid.exe

Resource

win10v2004-20240412-en

adware persistence stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-25_24c591db8fbdcaab94619d559d2fdd1d_floxif_icedid
- Size
  
  3.8MB
- MD5
  
  24c591db8fbdcaab94619d559d2fdd1d
- SHA1
  
  4d38d2e9f8873b328e11ce02d6361f240a76cc6f
- SHA256
  
  c0275ef884f252d337755c4ade37f06698271e40f3efab76f336631cb58b2b05
- SHA512
  
  f0428a67043f30fa0a10a5daf8bd0d6f544fd7b357c6029b50b839e79e973031a1d3794300d26d6a707c8899accb206efc4c8d7b247dbb0d1273db71b2f5957d
- SSDEEP
  
  49152:o7xxwJR4Xxo69sJPBeqMoFd/nEpw1ywgjKjQ2Pk1IiG17n8TPj:o70jMy69ueq/PX1yw2l2Pkfkb8TL
Score

9^/10

adware persistence stealer upx
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- UPX dump on OEP (original entry point)
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy