Overview

overview

10

Static

static

3

2024-05-14...id.exe

windows7-x64

10

2024-05-14...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-14_1962cec144630224183ee8103d28d116_icedid

  • Size

    2.8MB

  • Sample

    240514-h963asfa8y

  • MD5

    1962cec144630224183ee8103d28d116

  • SHA1

    152159933027afbee33efddc8a7d5aac7122accd

  • SHA256

    57a4bcc2e450cf6f5bf7daa405ffa6312b970c59673611429ac427b9ca75d459

  • SHA512

    98bd05649b09df3a2c67d6e8aaa16932fdf6290a31c3582d40db190d9999f709612ddc95d6375a20065e3487ef833d6405801ad07a65cd7694c0890183292c6a

  • SSDEEP

    49152:oX4uXjo0ZeY3dlI0SpxM3M7TF9FN5vUikV1XacrE1:I4uTo0ZewbI0Sp7yDXakE1

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      2024-05-14_1962cec144630224183ee8103d28d116_icedid

    • Size

      2.8MB

    • MD5

      1962cec144630224183ee8103d28d116

    • SHA1

      152159933027afbee33efddc8a7d5aac7122accd

    • SHA256

      57a4bcc2e450cf6f5bf7daa405ffa6312b970c59673611429ac427b9ca75d459

    • SHA512

      98bd05649b09df3a2c67d6e8aaa16932fdf6290a31c3582d40db190d9999f709612ddc95d6375a20065e3487ef833d6405801ad07a65cd7694c0890183292c6a

    • SSDEEP

      49152:oX4uXjo0ZeY3dlI0SpxM3M7TF9FN5vUikV1XacrE1:I4uTo0ZewbI0Sp7yDXakE1

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks