Extracted

• • Target

    2024-12-30_67b6577f96a15a999c26a860f1d6b558_bkransomware_hawkeye_icedid

  • Size

    486KB

  • MD5

    67b6577f96a15a999c26a860f1d6b558

  • SHA1

    8cc24635464ffa2fd0b53ff1f15d84987e31ecf6

  • SHA256

    7168b2e9bb8f44c3f07ca0dc1d4052b2a0f418f6374828a0ca40d00715ae95f8

  • SHA512

    7c070c284935d72a9cb4c9a967391c88e5011ed5e5ec0bd05dadc90ad53acbbce1cabd53d15af84350e13f39847bca9a430c182fcb15021b37a3de837398a7c5

  • SSDEEP

    6144:CaUSeyqj6ztvrfMqBODlRCfr0Hg77nyihK6cO40YFX22Yres7Gm+:C/SRvAMqlRcrIg7nIIBesar

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2