General

  • Target

    iceix_1.2.1.0.vir

  • Size

    215KB

  • Sample

    200719-f8ex44rlh6

  • MD5

    15dfafbd771ac6a0569d0c247b31c06d

  • SHA1

    934afa75b6f7439d53afe0f3e526b9bf60cc7101

  • SHA256

    94c9336a6e056520105481a9082e7e84c8a98a794a06b037c573bd9efc9df809

  • SHA512

    062cdbccfe3d818bf29d14c8b28e9f06b7154ca1c103f54940e4a12e41cea41e0a4352205d173e32c4b232521e422b80834e8896af2d1603cc4a2f33abba6bdb

Malware Config

Targets

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies service

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031): 2

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 3