Overview

overview

8

Static

static

iceix_1.2.0.0.vir.exe

windows7_x64

8

iceix_1.2.0.0.vir.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    iceix_1.2.0.0.vir

  • Size

    145KB

  • Sample

    200719-qfne53b3ae

  • MD5

    4581c813cbc584530b75c58c30d8b29b

  • SHA1

    ae17112eff30ff1daacac943e5551a31f7e896a6

  • SHA256

    fa4bd653c43c8c9ce265eba2bd425962752b062fea81327d3cd5338b545d611e

  • SHA512

    7272b1cc00db4355709794fd39cc1bf281d636f12dbd4538aee1b5f15eebbb7676a9297fd1e54766348865b5f5794f2dd93d10b566422702f4c6555bbb66634f

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      iceix_1.2.0.0.vir

    • Size

      145KB

    • MD5

      4581c813cbc584530b75c58c30d8b29b

    • SHA1

      ae17112eff30ff1daacac943e5551a31f7e896a6

    • SHA256

      fa4bd653c43c8c9ce265eba2bd425962752b062fea81327d3cd5338b545d611e

    • SHA512

      7272b1cc00db4355709794fd39cc1bf281d636f12dbd4538aee1b5f15eebbb7676a9297fd1e54766348865b5f5794f2dd93d10b566422702f4c6555bbb66634f

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks