General
-
Target
2024-06-29_32ff527d2f71c7b1f04954120653e422_icedid
-
Size
21.5MB
-
Sample
240629-rq8w8asdjq
-
MD5
32ff527d2f71c7b1f04954120653e422
-
SHA1
7a6ddffade568cd3aa86a7a0e0e8392281dfc79a
-
SHA256
b12603b764014e5d1adecbc3e98e492948f0fa21d01e0c2ea2a3a684f58317b1
-
SHA512
f2d37ea840b33a512be031c65b305d0804336c32f914a7fbe722741ba8421a7fafc601c816cb338fc5188872d3689e9278708a89b6e82d8544e8f3120d1c9752
-
SSDEEP
393216:QxEIjvanMrb61l0/7foRESYQK1gTJ15uwibSXbmJhNqtglONwjW+34OZo3XO2:QxDjCnU68US6K6N1MwDbSNuwa+3hZkXV
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-29_32ff527d2f71c7b1f04954120653e422_icedid.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
2024-06-29_32ff527d2f71c7b1f04954120653e422_icedid
-
Size
21.5MB
-
MD5
32ff527d2f71c7b1f04954120653e422
-
SHA1
7a6ddffade568cd3aa86a7a0e0e8392281dfc79a
-
SHA256
b12603b764014e5d1adecbc3e98e492948f0fa21d01e0c2ea2a3a684f58317b1
-
SHA512
f2d37ea840b33a512be031c65b305d0804336c32f914a7fbe722741ba8421a7fafc601c816cb338fc5188872d3689e9278708a89b6e82d8544e8f3120d1c9752
-
SSDEEP
393216:QxEIjvanMrb61l0/7foRESYQK1gTJ15uwibSXbmJhNqtglONwjW+34OZo3XO2:QxDjCnU68US6K6N1MwDbSNuwa+3hZkXV
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1