General
- Target: 2024-06-09_a9ddc1b8ef1f5c3254b1f253cb6e3cf5_icedid
- Size: 401KB
- Sample: 240609-msw8zshe6v
- MD5: a9ddc1b8ef1f5c3254b1f253cb6e3cf5
- SHA1: 0ee73c8be1165c2c3afaf4bc8d55ad94f75c5d61
- SHA256: 12b3efa888e67dfb3042892a957ed070d46bbb1971b5ef74924485739bd6ebd7
- SHA512: 06173b2a6ea4fbf8b360ce11fdd2a5331cd0ee25e3f301a6d341fa515fcb3fae934ec892b9da660dca09019a6735c348edad33ce211f71b80798c5c65ebfc851
- SSDEEP: 6144:MznAtGqS5NjM2KbQbNYuhZ+6+eAbuQ5Zu60HnPLhD8Wt1f0hdHjbPqRncVly:MTLnp+BCQ5Zu60HnP1xijORnX
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-06-09_a9ddc1b8ef1f5c3254b1f253cb6e3cf5_icedid.exe
- Resource: win7-20231129-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 2024-06-09_a9ddc1b8ef1f5c3254b1f253cb6e3cf5_icedid
- Modifies firewall policy service
- Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
- UPX dump on OEP (original entry point)
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
- Windows Service: 1
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1