Overview

overview

10

Static

static

3

2024-05-27...im.exe

windows7-x64

10

2024-05-27...im.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-27_55583b5d1cf5bf17a8a444d703105a51_icedid_nymaim

  • Size

    4.4MB

  • Sample

    240527-3d871afa76

  • MD5

    55583b5d1cf5bf17a8a444d703105a51

  • SHA1

    4505a809d5a47b3d13fc687c202734922f227f4b

  • SHA256

    7b58053dd98be526f54646ff764e3a08e83ae5fae1975ddd5ad2f9f4197bdd49

  • SHA512

    f87c625903653c14a26d2c4959bcad0a08974ff46c562a99749031ab585238bc759072ce5b2bd1e0d60ce2e524cc84a4e64c41fd09870c5062037b8cbb5f2daa

  • SSDEEP

    49152:LFic9QERhCbKh4w8OZLniJdfdPxTROPE41oS5HiAGuj7Ql:Lv9QUHhmarwdPBRi1T5HiAGse

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

    • Target

      2024-05-27_55583b5d1cf5bf17a8a444d703105a51_icedid_nymaim

    • Size

      4.4MB

    • MD5

      55583b5d1cf5bf17a8a444d703105a51

    • SHA1

      4505a809d5a47b3d13fc687c202734922f227f4b

    • SHA256

      7b58053dd98be526f54646ff764e3a08e83ae5fae1975ddd5ad2f9f4197bdd49

    • SHA512

      f87c625903653c14a26d2c4959bcad0a08974ff46c562a99749031ab585238bc759072ce5b2bd1e0d60ce2e524cc84a4e64c41fd09870c5062037b8cbb5f2daa

    • SSDEEP

      49152:LFic9QERhCbKh4w8OZLniJdfdPxTROPE41oS5HiAGuj7Ql:Lv9QUHhmarwdPBRi1T5HiAGse

    Score
    10/10
    salitybackdoorevasiontrojanupx

    • Modifies firewall policy service

      evasion

    • Sality

      Sality is backdoor written in C++, first discovered in 2003.

      backdoorsality

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

    • UPX dump on OEP (original entry point)

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks