General
Target: 2024-12-17_c961250ad9853c3ee1228b3c6629160e_icedid
Size: 3.0MB
Sample: 241217-3fljqasmcs
MD5: c961250ad9853c3ee1228b3c6629160e
SHA1: 1f6203b26a4a577ad274c8ca2d70877927d044df
SHA256: 8cdc181cec0f3eaf421c7c801859c8bb629510c56ce643c7c35071c33541b1ee
SHA512: 404da73d5d997ac0fdcd332b8ea19be661226d11244d1c801810939b1b8487487dc2bb507899dfe95126355bb5dedac21ff9c7ff8439f5ac852cb25c15e3481c
SSDEEP: 98304:FqshbRl6+qOyVq9dPZp72LZcLigmlcHLR6:0sh+POyVq91KZNlgLR6
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-17_c961250ad9853c3ee1228b3c6629160e_icedid.exe
Resource (analysis VM image): win7-20241010-en
Malware Config
Extracted family: sality (the "icedid" tag in the file name is not borne out by the analysis; the extracted configuration and the signatures below identify Sality, so treat the file name as an untrusted label)
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
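As an added check (this script is not part of the report or of the sandbox's own tooling): it verifies a sample on disk against the digests listed under General, splits the extracted URLs into IP and domain indicators, and flags matching requests in a proxy log. The digests and URLs are copied from the report; the sample path, the script name and the proxy log lines are assumptions constructed for the example.

```python
"""Sample verification and IOC extraction for the sandbox report above.

Added example, not part of the report. Digests and URLs are the report's;
the file path and the proxy log lines are constructed for illustration.
"""
import hashlib
import os
from ipaddress import ip_address
from urllib.parse import urlsplit

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "c961250ad9853c3ee1228b3c6629160e",
    "sha1": "1f6203b26a4a577ad274c8ca2d70877927d044df",
    "sha256": "8cdc181cec0f3eaf421c7c801859c8bb629510c56ce643c7c35071c33541b1ee",
    "sha512": "404da73d5d997ac0fdcd332b8ea19be661226d11244d1c801810939b1b8487487dc2bb507899dfe95126355bb5dedac21ff9c7ff8439f5ac852cb25c15e3481c",
}

# URLs from the extracted Sality config.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
]

# Constructed proxy log lines (not from the report): timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = [
    "2024-12-17T10:01:02Z 10.0.0.5 GET http://kukutrustnet777.info/home.gif 200",
    "2024-12-17T10:01:03Z 10.0.0.5 GET http://example.org/index.html 200",
    "2024-12-17T10:01:04Z 10.0.0.7 GET http://89.119.67.154/testo5/ 404",
]


def digests(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Hex digests of an in-memory buffer for each named algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as digests(), but streamed so a large sample is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Names of algorithms in `expected` whose digest differs from `actual` (case-insensitive)."""
    return [name for name, value in expected.items()
            if actual.get(name, "").lower() != value.lower()]


def iocs(urls) -> dict:
    """Split URLs into ip, domain and url indicators based on the URL host component."""
    out = {"ip": set(), "domain": set(), "url": set(urls)}
    for url in urls:
        host = urlsplit(url).hostname
        if host is None:
            continue
        try:
            ip_address(host)
            out["ip"].add(host)
        except ValueError:
            out["domain"].add(host)
    return out


def flag_log_lines(lines, indicators) -> list:
    """(host, line) for every log line whose request host is a known IP or domain indicator."""
    hosts = indicators["ip"] | indicators["domain"]
    hits = []
    for line in lines:
        for field in line.split():
            if field.startswith(("http://", "https://")):
                host = urlsplit(field).hostname
                if host in hosts:
                    hits.append((host, line))
    return hits


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_sample.py <path to the sample>; the default name is the report's.
    path = sys.argv[1] if len(sys.argv) > 1 else "2024-12-17_c961250ad9853c3ee1228b3c6629160e_icedid.exe"
    if os.path.exists(path):
        bad = mismatches(digests_of_file(path), REPORT_HASHES)
        print("sample matches report" if not bad else "digest mismatch: " + ", ".join(bad))
    else:
        print("sample not found at", path)
    ind = iocs(C2_URLS)
    print("ip:", sorted(ind["ip"]), "domain:", sorted(ind["domain"]))
    for host, line in flag_log_lines(SAMPLE_PROXY_LOG, ind):
        print("HIT", host, "<-", line)
```

The digest comparison is deliberately per-algorithm: a file that matches on MD5 and SHA1 but not SHA256 is a different file, and `mismatches()` makes that visible rather than collapsing it into one boolean. SSDEEP is left out because it needs a third-party library; compare it with `ssdeep` separately if you want a fuzzy match on a repacked variant.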
Targets
Target: 2024-12-17_c961250ad9853c3ee1228b3c6629160e_icedid (3.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- Modifies firewall policy service
- Sality family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15 (count of matching signatures per technique)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 4
  - Disable or Modify System Firewall (T1562.004): 1
  - Disable or Modify Tools (T1562.001): 3
- Modify Registry (T1112): 5