General

  • Target

    2024-09-21_d1b080e5c7b3263d53f9eef8d8332e7d_darpapox_hijackloader_icedid_nymaim

  • Size

    20.0MB

  • Sample

    240921-rvpn5sxdkl

  • MD5

    d1b080e5c7b3263d53f9eef8d8332e7d

  • SHA1

    ab7e9b9f88a72e3e9962d9f735dc20a6c94f48ab

  • SHA256

    ae4c06c4b6890b09e15d82ad20f110e8c7c4864bd7f606d74357be74fbfc8072

  • SHA512

    be71df5f501ac3c6b5475d2d110a7dfd837088dd44680c1c7fc0f59fd7d794074b35e62437fffaae88d6dda3ded4101514b14d9557ab098341f9becbdfdf3c8d

  • SSDEEP

    196608:TiTCfQ8VvtCd//QAD5z3L2fUHXsLGXLLaOQktYRZeEj9kI31Yg94eR3GBXlCCWkR:TiTn8i0G3t1SB3Cw4ewP0kNcIH

Targets

    • Target

      2024-09-21_d1b080e5c7b3263d53f9eef8d8332e7d_darpapox_hijackloader_icedid_nymaim

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check so the payload runs only (or never) in selected locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
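The five behaviours listed above are only meaningful in combination and in order: a file is written, then that same path is executed or loaded, and a Run key is written afterwards. The following is an added example (not Tria.ge's signature code and not derived from this sample's trace) showing how to correlate a sandbox-style event list into those verdicts. The event tuple format, the process IDs, the dropped paths and the set of registry keys treated as "location" lookups are all constructed assumptions for illustration.

```python
"""Correlate constructed sandbox events into the behaviours listed in the report.

Added example; the event format and the registry key lists are assumptions.
"""
from collections import defaultdict

# Registry locations an implant commonly reads to learn the configured
# country/locale (assumed list; a real signature set would be broader).
GEO_KEYS = (
    "\\control panel\\international\\geo\\nation",
    "\\control\\nls\\language",
)
# Autostart keys whose write counts as "Adds Run key to start application".
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample trace: (event kind, actor pid, target). Not a real run.
SAMPLE_EVENTS = [
    ("regread", 100, "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("filewrite", 100, "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe"),
    ("filewrite", 100, "C:\\Windows\\System32\\drvcfg.dll"),
    ("procstart", 100, "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe"),
    ("loaddll", 200, "C:\\Windows\\System32\\drvcfg.dll"),
    ("regwrite", 200, "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
]


def analyze(events):
    """Return {behaviour: [targets]} for the behaviours seen in `events`.

    Ordering matters: a process start or DLL load only counts as "dropped"
    if an earlier filewrite event created that exact path.
    """
    dropped = set()          # lower-cased paths written during the run
    hits = defaultdict(list)
    for kind, _pid, target in events:
        t = target.lower()
        if kind == "regread" and any(k in t for k in GEO_KEYS):
            hits["checks_location"].append(target)
        elif kind == "filewrite":
            dropped.add(t)
            if t.startswith(SYSTEM32):
                hits["drops_in_system32"].append(target)
        elif kind == "procstart" and t in dropped:
            hits["executes_dropped_exe"].append(target)
        elif kind == "loaddll" and t in dropped:
            hits["loads_dropped_dll"].append(target)
        elif kind == "regwrite" and any(k in t for k in RUN_KEYS):
            hits["adds_run_key"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for behaviour, targets in analyze(SAMPLE_EVENTS).items():
        print(f"{behaviour}: {targets}")
```

The "dropped" set is what separates a dropper verdict from ordinary activity: `procstart` of a pre-existing binary is not flagged, and a load of a DLL that the sample itself placed in System32 is flagged both as a System32 drop and as a dropped-DLL load, which is the combination the report lists.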
