General
Target: 2024-10-14_95a88f8589ef18c741c8da29e9114e77_floxif_icedid
Size: 712KB
Sample: 241014-rslvgazbpe
MD5: 95a88f8589ef18c741c8da29e9114e77
SHA1: 24182e89ba65b0e7157a589f0dac3b68b075a14c
SHA256: 2e046c94c42e8c96059e24d19080fd810343dd122b86ee61b47d3e069ecc576d
SHA512: acfa7c08579e75ad6a43824196b7c0dbc53925c83542b0a3998ccd64417202ebe4694ddf36fa29835e8c46ff3b8e4220f1ca747f131627d2d75c786487186d25
SSDEEP: 12288:o5UnhjOmG0fJO6egrrEQFauJsfmhR5ju0phsQ9PaUynbiljjQt6pgw/HuADmaBjY:qUnxU0JVhRZdpmQ9YyjjQtSgKXrEH7t
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-14_95a88f8589ef18c741c8da29e9114e77_floxif_icedid.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-10-14_95a88f8589ef18c741c8da29e9114e77_floxif_icedid.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 2024-10-14_95a88f8589ef18c741c8da29e9114e77_floxif_icedid
Size: 712KB
MD5: 95a88f8589ef18c741c8da29e9114e77
SHA1: 24182e89ba65b0e7157a589f0dac3b68b075a14c
SHA256: 2e046c94c42e8c96059e24d19080fd810343dd122b86ee61b47d3e069ecc576d
SHA512: acfa7c08579e75ad6a43824196b7c0dbc53925c83542b0a3998ccd64417202ebe4694ddf36fa29835e8c46ff3b8e4220f1ca747f131627d2d75c786487186d25
SSDEEP: 12288:o5UnhjOmG0fJO6egrrEQFauJsfmhR5ju0phsQ9PaUynbiljjQt6pgw/HuADmaBjY:qUnxU0JVhRZdpmQ9YyjjQtSgKXrEH7t
Signatures
Detects Floxif payload
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
Loads dropped DLL
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (2)
Credentials from Web Browsers (1)
Windows Credential Manager (1)
Unsecured Credentials (1)
Credentials In Files (1)