General

  • Target

    2024-05-25_426b0a9cf588456c64a2005a11b7a02c_floxif_icedid

  • Size

    3.2MB

  • Sample

    240525-n14tgage98

  • MD5

    426b0a9cf588456c64a2005a11b7a02c

  • SHA1

    173919cd4ae0f94811748c86a65828f39f63e982

  • SHA256

    2cdd0fad0b3320d3ae00f60a19089fc5fea6fdf136fbe6d1848a0fd70d78ac79

  • SHA512

    601151482654bb109c4880b1ab2f235e8d385f8aecb93221990e7bd9dc478b58deb5e05a4d0601bf74e2fdb2b69cbb5957ddcd79cdfd659ba68be28b6f0b7927

  • SSDEEP

    98304:vB4iQ3DmcmkVW96u4VUwzzPyt6fCXPpoBXc:vGiQ3D/VL2gDs

Malware Config

Targets

    • Target

      2024-05-25_426b0a9cf588456c64a2005a11b7a02c_floxif_icedid

    • Size

      3.2MB

    • MD5

      426b0a9cf588456c64a2005a11b7a02c

    • SHA1

      173919cd4ae0f94811748c86a65828f39f63e982

    • SHA256

      2cdd0fad0b3320d3ae00f60a19089fc5fea6fdf136fbe6d1848a0fd70d78ac79

    • SHA512

      601151482654bb109c4880b1ab2f235e8d385f8aecb93221990e7bd9dc478b58deb5e05a4d0601bf74e2fdb2b69cbb5957ddcd79cdfd659ba68be28b6f0b7927

    • SSDEEP

      98304:vB4iQ3DmcmkVW96u4VUwzzPyt6fCXPpoBXc:vGiQ3D/VL2gDs

    • UPX dump on OEP (original entry point)

    • Modifies AppInit DLL entries

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks