Overview

overview

8

Static

static

iceix_1.2.2.0.vir.exe

windows7_x64

8

iceix_1.2.2.0.vir.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    iceix_1.2.2.0.vir

  • Size

    271KB

  • Sample

    200719-sanzknrgm2

  • MD5

    b818f1dce8587940c47217dc0fd3315a

  • SHA1

    72dc63def88ee7f0e43531df0040e8d18daedce6

  • SHA256

    163fbd87c9a947ce59016e42a9e768ef2e801d0a2785ec48fb9b301d884cf759

  • SHA512

    a3193d3fcd4f439d435c821043fb67a8e156f96e971d20e42a18ace4634ab1c48f2caf24b33951b18344d4424e5737260a9e813741b80467d9a4a86c54cc009a

Score
8/10
evasionpersistence

Malware Config

Targets

    • Target

      iceix_1.2.2.0.vir

    • Size

      271KB

    • MD5

      b818f1dce8587940c47217dc0fd3315a

    • SHA1

      72dc63def88ee7f0e43531df0040e8d18daedce6

    • SHA256

      163fbd87c9a947ce59016e42a9e768ef2e801d0a2785ec48fb9b301d884cf759

    • SHA512

      a3193d3fcd4f439d435c821043fb67a8e156f96e971d20e42a18ace4634ab1c48f2caf24b33951b18344d4424e5737260a9e813741b80467d9a4a86c54cc009a

    Score
    8/10
    evasionpersistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks