b25806a03ac8266cfc81e03a4079eade1da858a0b1d51a85080fd984234a4ed7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-30_da4b4225bc2757ac566cbcca02a589e9_hijackloader_icedid
Size

8.8MB
Sample

240930-mkzddazfnj
MD5

da4b4225bc2757ac566cbcca02a589e9
SHA1

4cfbcdbec1241ecbb4474ff1b509831d30cf6b63
SHA256

b25806a03ac8266cfc81e03a4079eade1da858a0b1d51a85080fd984234a4ed7
SHA512

16521bf6ea01c73dfcb50b6e3058b5e3ec4707089188451af121b820c99a9eb3dbe2adf39c8caf38c241aacb49f3b82cd9e148977f764c75c182a22c8f8d2381
SSDEEP

98304:EifOceGd6H7Sw4Or07t8RdxOFOG6Ckvc8veTP+hU7oiOcQ1GwvZGVrlyKGpVzArg:nuH7QOAuxOFbC9vjKGnc9BDal

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  2024-09-30_da4b4225bc2757ac566cbcca02a589e9_hijackloader_icedid
- Size
  
  8.8MB
- MD5
  
  da4b4225bc2757ac566cbcca02a589e9
- SHA1
  
  4cfbcdbec1241ecbb4474ff1b509831d30cf6b63
- SHA256
  
  b25806a03ac8266cfc81e03a4079eade1da858a0b1d51a85080fd984234a4ed7
- SHA512
  
  16521bf6ea01c73dfcb50b6e3058b5e3ec4707089188451af121b820c99a9eb3dbe2adf39c8caf38c241aacb49f3b82cd9e148977f764c75c182a22c8f8d2381
- SSDEEP
  
  98304:EifOceGd6H7Sw4Or07t8RdxOFOG6Ckvc8veTP+hU7oiOcQ1GwvZGVrlyKGpVzArg:nuH7QOAuxOFbC9vjKGnc9BDal
Score

7^/10

discovery persistence privilege_escalation
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation