Overview

overview

8

Static

static

iceix_1.2.7.0.vir.exe

windows7_x64

8

iceix_1.2.7.0.vir.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    iceix_1.2.7.0.vir

  • Size

    204KB

  • Sample

    200719-p75xbbxfve

  • MD5

    b92b8f41fdbf4ab686b0d596b102f67c

  • SHA1

    ecdfcdd954d17b4033ad01510e1206d021db9df3

  • SHA256

    9dfd9793dd172c0c6c730d2e2b3c9b5c9daa0c7e317ff4148b19c3aa95558471

  • SHA512

    dc02c9c9e4e505af9920f268f9d3d95164b0e5dd6e1e957859cef745138afc561b540921c5e1034547a7ac048d1e4b4ae9b033e6bae25a4395c52e97fbdb1153

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      iceix_1.2.7.0.vir

    • Size

      204KB

    • MD5

      b92b8f41fdbf4ab686b0d596b102f67c

    • SHA1

      ecdfcdd954d17b4033ad01510e1206d021db9df3

    • SHA256

      9dfd9793dd172c0c6c730d2e2b3c9b5c9daa0c7e317ff4148b19c3aa95558471

    • SHA512

      dc02c9c9e4e505af9920f268f9d3d95164b0e5dd6e1e957859cef745138afc561b540921c5e1034547a7ac048d1e4b4ae9b033e6bae25a4395c52e97fbdb1153

    Score
    8/10
    persistenceevasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks