General

  • Target

    2024-09-21_976313c5bb26ded943593c272cc45f85_darpapox_hijackloader_icedid_nymaim

  • Size

    19.9MB

  • Sample

    240921-rst6vawhjb

  • MD5

    976313c5bb26ded943593c272cc45f85

  • SHA1

    4d40a66595988ba556b5abade73a49918cd6a572

  • SHA256

    353598534e9d8434f2a824936196a4bba65c952e01b55d933347a3c75cb4de5d

  • SHA512

    c3d49b0a0b350ce14bf270fe5dbf758e035c8d83183cf5d0abff5763b122db4b2deae85591afa9a66e15a3c35cd212bd1dc8cf5447359897d6167061e3137e69

  • SSDEEP

    196608:5NjmHTEwfYI/cwZPmyYj4PaX3kkJpUYdT3sXCrxsQ59XaPtGG9cY4eR3GBXlCCfK:5NiHTTgxV3xsRtneY4ewOGskNcI2

Malware Config

Targets

    • Target

      2024-09-21_976313c5bb26ded943593c272cc45f85_darpapox_hijackloader_icedid_nymaim

    • Size

      19.9MB

    • MD5

      976313c5bb26ded943593c272cc45f85

    • SHA1

      4d40a66595988ba556b5abade73a49918cd6a572

    • SHA256

      353598534e9d8434f2a824936196a4bba65c952e01b55d933347a3c75cb4de5d

    • SHA512

      c3d49b0a0b350ce14bf270fe5dbf758e035c8d83183cf5d0abff5763b122db4b2deae85591afa9a66e15a3c35cd212bd1dc8cf5447359897d6167061e3137e69

    • SSDEEP

      196608:5NjmHTEwfYI/cwZPmyYj4PaX3kkJpUYdT3sXCrxsQ59XaPtGG9cY4eR3GBXlCCfK:5NiHTTgxV3xsRtneY4ewOGskNcI2

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence: the sample reads the system's region or locale setting before proceeding, a check commonly used to avoid executing in certain countries.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is started again at logon (persistence).

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory.
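The five behaviours above are the kind of thing a sandbox derives by replaying the recorded registry, file and process events against simple rules. The script below is an added example of that replay, not the sandbox's own signature engine and not code from this report; the event schema, the sample events and the registry paths used for the location and Run-key rules are assumptions. It tracks which files the sample wrote so that "Executes dropped EXE" and "Loads dropped DLL" only fire for binaries created earlier in the trace, not for pre-existing system files.

```python
"""Offline replay of sandbox events against the behaviour signatures named in
this report.  Added example: the event schema, sample events and registry
paths are assumptions, not the sandbox's real signature logic."""
import re
from collections import defaultdict

# Constructed sample events (not from the real run), in the order a sandbox
# would have recorded them.  Schema: one dict per event with a "kind" field.
SAMPLE_EVENTS = [
    {"kind": "reg_query", "pid": 1000,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"kind": "file_write", "pid": 1000,
     "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"kind": "file_write", "pid": 1000,
     "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"kind": "process_create", "pid": 1000, "child_pid": 2000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    # Loaded with different casing than it was written with.
    {"kind": "image_load", "pid": 2000,
     "path": r"c:\users\admin\appdata\local\temp\HELPER.DLL"},
    {"kind": "reg_set", "pid": 2000,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"kind": "file_write", "pid": 2000,
     "path": r"C:\Windows\System32\Tasks\Updater"},
    # Benign noise that must not trigger anything: a system DLL the sample did
    # not drop, and a child process that is a pre-existing system binary.
    {"kind": "image_load", "pid": 2000, "path": r"C:\Windows\System32\kernel32.dll"},
    {"kind": "process_create", "pid": 2000, "child_pid": 3000,
     "image": r"C:\Windows\System32\cmd.exe"},
]

# Registry locations assumed to back a "checks computer location" rule
# (Windows keeps region/locale settings under Control Panel\International).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\", re.I)
# A value written directly under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def norm(path):
    """Case-fold a Windows path so a write and a later load compare equal."""
    return path.lower()


def evaluate(events):
    """Replay events in order and return {signature name: [evidence, ...]}.

    Dropped files are collected as they are written, so the dropped-EXE and
    dropped-DLL rules only match files the sample created earlier in the trace."""
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        kind = ev["kind"]
        if kind == "reg_query" and GEO_KEY_RE.search(ev["path"]):
            hits["Checks computer location settings"].append(ev["path"])
        elif kind == "file_write":
            dropped.add(norm(ev["path"]))
            if SYSTEM32_RE.match(ev["path"]):
                hits["Drops file in System32 directory"].append(ev["path"])
        elif kind == "process_create":
            image = ev["image"]
            if norm(image) in dropped and norm(image).endswith(".exe"):
                hits["Executes dropped EXE"].append(image)
        elif kind == "image_load":
            path = ev["path"]
            if norm(path) in dropped and norm(path).endswith(".dll"):
                hits["Loads dropped DLL"].append(path)
        elif kind == "reg_set" and RUN_KEY_RE.search(ev["path"]):
            hits["Adds Run key to start application"].append(
                f'{ev["path"]} = {ev.get("data", "")}')
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {sig}")
        for item in evidence:
            print(f"      {item}")
```

Replaying the constructed trace reports all five signatures from this page with the triggering paths as evidence; replaying the same events in reverse order reports neither "Executes dropped EXE" nor "Loads dropped DLL", because the binaries are then executed or loaded before the trace shows the sample writing them.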

MITRE ATT&CK Enterprise v15

Tasks