General

  • Target

    2024-12-27_c29e35b66491acb632931aedb454395c_icedid

  • Size

    1.7MB

  • Sample

    241227-lq8csstqdm

  • MD5

    c29e35b66491acb632931aedb454395c

  • SHA1

    a0c62a4a6b9777987d978d64cd207604aa8f2e4e

  • SHA256

    8f8dd9636903dc81d44bce9a760b0e8eda730af537f1d0026f986dbd64c00fde

  • SHA512

    1b6df9c0f0cf0de13a82cbd2121cd7c643a4845aa4e788a4947e2b14ed2f72b6d4e4c269389a6863a061fc4b8dfca3703d399335bc1a1b9b291fd203196336ba

  • SSDEEP

    49152:pfsZaPxK+/B5QccVl7mJXD/wnOJtwVnPIJfC/bR3eNltN2zu3usDCaYVS:CZaPxKY5Q73mJXD/wnOJtwVPIxWbwN28

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Targets

    • Target

      2024-12-27_c29e35b66491acb632931aedb454395c_icedid

    • Size

      1.7MB

    • MD5

      c29e35b66491acb632931aedb454395c

    • SHA1

      a0c62a4a6b9777987d978d64cd207604aa8f2e4e

    • SHA256

      8f8dd9636903dc81d44bce9a760b0e8eda730af537f1d0026f986dbd64c00fde

    • SHA512

      1b6df9c0f0cf0de13a82cbd2121cd7c643a4845aa4e788a4947e2b14ed2f72b6d4e4c269389a6863a061fc4b8dfca3703d399335bc1a1b9b291fd203196336ba

    • SSDEEP

      49152:pfsZaPxK+/B5QccVl7mJXD/wnOJtwVnPIJfC/bR3eNltN2zu3usDCaYVS:CZaPxKY5Q73mJXD/wnOJtwVPIxWbwN28

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003.

    • Sality family

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks