General
-
Target
2024-12-15_78478e21d3d565bdbad21ea998100989_icedid_nymaim
-
Size
4.7MB
-
Sample
241215-avkazsyngz
-
MD5
78478e21d3d565bdbad21ea998100989
-
SHA1
1220591d01d37602d4c115fc1aa6595ac9d6c10c
-
SHA256
740c779fb642de8bd9b50dcb1a5669c88d997c8b6eae72f680ae858d06fde292
-
SHA512
a5886bb4cc43b6a1f31b1223178c9a43f160b86bc6dd9916b840103b66fa866c83cb1b43d61071f96abbc1704ac9b5a681d9e5c57020c0a5d2c2997976ca097c
-
SSDEEP
49152:NOSWCbNc7wKlXFJAgYPPhkmS/tajqOwBQ2dP5TROPE46tW5HiD3uZAt:c0csYInifojqNBdP5Ri6A5HiD3qAt
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-15_78478e21d3d565bdbad21ea998100989_icedid_nymaim.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
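As an added example (not part of the sandbox report), the Python below turns the extracted Sality C2 URLs above into a host blocklist and runs it over a few constructed proxy log lines. The log format (client, destination host, method, URL, status) and the client addresses are assumptions made for the example. Matching is done on the destination host rather than the full URL, because the paths in the config (home.gif, testo5/) are cheap for the operator to change while the domains are the real indicator; subdomains of a listed domain match, look-alike prefixes do not, and the bare IP matches only exactly.

```python
"""Build a host blocklist from the Sality C2 URLs in this report and scan proxy logs with it."""
import ipaddress
from urllib.parse import urlsplit

# C2 URLs copied from the "Malware Config / Extracted / sality" section of this report.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Constructed proxy log lines (assumption, not from the report):
# "client dst_host method url status".
SAMPLE_PROXY_LOG = """\
10.0.0.7 kukutrustnet777.info GET http://kukutrustnet777.info/home.gif 200
10.0.0.7 update.microsoft.com GET http://update.microsoft.com/ 200
10.0.0.9 89.119.67.154 GET http://89.119.67.154/testo5/ 404
10.0.0.12 klkjwre9fqwieluoi.info GET http://klkjwre9fqwieluoi.info/ 200
10.0.0.3 cdn.kukutrustnet888.info GET http://cdn.kukutrustnet888.info/x 200
10.0.0.4 notkukutrustnet777.info GET http://notkukutrustnet777.info/ 200
"""


def c2_hosts(urls):
    """Return the set of hostnames / IPs named in the C2 URLs.

    A leading 'www.' is dropped so the bare domain is what gets blocked:
    the indicator is the domain, not one particular label under it.
    """
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host is None:
            continue
        host = host.lower()
        if host.startswith("www."):
            host = host[4:]
        hosts.add(host)
    return hosts


def host_matches(host, blocklist):
    """Return the blocklist entry that `host` hits, or None.

    IP entries match only exactly. Domain entries match the domain itself
    and any subdomain (cdn.kukutrustnet888.info) but not a look-alike
    prefix such as notkukutrustnet777.info.
    """
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for blocked in blocklist:
        try:
            ipaddress.ip_address(blocked)
            if host == blocked:
                return blocked
            continue
        except ValueError:
            pass  # not an IP literal, treat as a domain
        if host == blocked or host.endswith("." + blocked):
            return blocked
    return None


def scan_proxy_log(log_text, urls=SALITY_C2_URLS):
    """Return (client, dst_host, matched_ioc) for every log line that hits a C2 host."""
    blocklist = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        client, dst_host = parts[0], parts[1]
        ioc = host_matches(dst_host, blocklist)
        if ioc:
            hits.append((client, dst_host, ioc))
    return hits


if __name__ == "__main__":
    for client, dst, ioc in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {dst}  (matches Sality C2 host {ioc})")
```

Run against the constructed log, four of the six lines are reported: the exact domain, the bare IP, the www-less form of klkjwre9fqwieluoi.info, and the cdn. subdomain; the Microsoft update line and the look-alike notkukutrustnet777.info are left alone.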
Targets
-
Target
2024-12-15_78478e21d3d565bdbad21ea998100989_icedid_nymaim
(size and hashes identical to the General section above)
-
Modifies firewall policy service
-
Sality family
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence to decide whether to run.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (5)