80f6330fb12ab444181cf567965a29435753bbe09f90617766e7449bd80ebce7 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-14...id.exe

windows7-x64

9

2024-05-14...id.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-14_cc94d4e741daf45e3955db6244915f6b_floxif_icedid
Size

3.9MB
Sample

240514-mtsl7acg89
MD5

cc94d4e741daf45e3955db6244915f6b
SHA1

60a3d4ac86f7a80cbea21645063d2fa06bb52ebc
SHA256

80f6330fb12ab444181cf567965a29435753bbe09f90617766e7449bd80ebce7
SHA512

974cde26785700c40445fcabcd678d935a60ebf5c9ee42c60f751128d775d36a4030d693fbcc90647824018f58d0c7584430bb311f863975efe864cc90750e2d
SSDEEP

49152:3lrytcnhHSCtyzqhQvW/hAjVYGm5oM1N3KkdEh4KUPPzlJ17n8Tiv:3lrIRC0zyh2YGm5L1N3R84PPP5Pb8Ts

Score

10^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-05-14_cc94d4e741daf45e3955db6244915f6b_floxif_icedid.exe

Resource

win7-20240215-en

adware persistence stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-14_cc94d4e741daf45e3955db6244915f6b_floxif_icedid.exe

Resource

win10v2004-20240508-en

adware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-05-14_cc94d4e741daf45e3955db6244915f6b_floxif_icedid
- Size
  
  3.9MB
- MD5
  
  cc94d4e741daf45e3955db6244915f6b
- SHA1
  
  60a3d4ac86f7a80cbea21645063d2fa06bb52ebc
- SHA256
  
  80f6330fb12ab444181cf567965a29435753bbe09f90617766e7449bd80ebce7
- SHA512
  
  974cde26785700c40445fcabcd678d935a60ebf5c9ee42c60f751128d775d36a4030d693fbcc90647824018f58d0c7584430bb311f863975efe864cc90750e2d
- SSDEEP
  
  49152:3lrytcnhHSCtyzqhQvW/hAjVYGm5oM1N3KkdEh4KUPPzlJ17n8Tiv:3lrIRC0zyh2YGm5L1N3R84PPP5Pb8Ts
Score

9^/10

adware persistence stealer upx
- UPX dump on OEP (original entry point)
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarestealerupx

© 2018-2025

Terms | Privacy