General
-
Target
2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi
-
Size
1.8MB
-
Sample
240520-r4s3xseb88
-
MD5
22c3b92d4a7b00c09b9a01dc41c5484f
-
SHA1
a68380980141c691745c3079b84269a7fc571a79
-
SHA256
13c4cb31e54f93e0a642d03cfec51b59c1f99a735b82771e60d0c309d4fda40a
-
SHA512
bf7fd781ca0d30849989e633a1d94ac3899b9e07014affde0140002ea001f0817230ccd61803c93620879d8eb764b1d3e723bbac6e37bbf4ae73295edac0ee51
-
SSDEEP
49152:2BHTZQBIGoA5nN9615Z9VTNIeUOPI5E33uLkv4:2JZgoiN9615YeUfauYv4
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi.exe
Resource
win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-05-20_22c3b92d4a7b00c09b9a01dc41c5484f_icedid_wapomi
-
Size
1.8MB
-
MD5
22c3b92d4a7b00c09b9a01dc41c5484f
-
SHA1
a68380980141c691745c3079b84269a7fc571a79
-
SHA256
13c4cb31e54f93e0a642d03cfec51b59c1f99a735b82771e60d0c309d4fda40a
-
SHA512
bf7fd781ca0d30849989e633a1d94ac3899b9e07014affde0140002ea001f0817230ccd61803c93620879d8eb764b1d3e723bbac6e37bbf4ae73295edac0ee51
-
SSDEEP
49152:2BHTZQBIGoA5nN9615Z9VTNIeUOPI5E33uLkv4:2JZgoiN9615YeUfauYv4
-
Modifies firewall policy service
-
Detects executables packed with ASPack
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5