General
Target: 2024-06-29_c64d896faeacc551a3af8fecf7e76118_icedid
Size: 388KB
Sample: 240629-rtyweszaqe
MD5: c64d896faeacc551a3af8fecf7e76118
SHA1: d97d9fbe57247340b0919a715bd76e1abea67dd8
SHA256: e0e829988cd2457c7e14c791a024f1947e9c8c40c3cbb8fbce4309bc31ccbedd
SHA512: b4320647f39991496123cdf7b5abdb1e16cabcd5fadab9fb0f84492b721e3f9367b4a72350794898aeaaa368e7c4a01d9af9bd01c1ee4c821ac4a8d131f39b01
SSDEEP: 6144:GAZodLAb5nVOOuya0uIW/zyg+K+5aNiKIphcdvHgBCdPL9dyOoqvaoNCLc:GlpAb1VOOuyan7+5wWSdv2CdPnqVol
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-29_c64d896faeacc551a3af8fecf7e76118_icedid.exe
Resource: win7-20240508-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 2024-06-29_c64d896faeacc551a3af8fecf7e76118_icedid
Size: 388KB
MD5: c64d896faeacc551a3af8fecf7e76118
SHA1: d97d9fbe57247340b0919a715bd76e1abea67dd8
SHA256: e0e829988cd2457c7e14c791a024f1947e9c8c40c3cbb8fbce4309bc31ccbedd
SHA512: b4320647f39991496123cdf7b5abdb1e16cabcd5fadab9fb0f84492b721e3f9367b4a72350794898aeaaa368e7c4a01d9af9bd01c1ee4c821ac4a8d131f39b01
SSDEEP: 6144:GAZodLAb5nVOOuya0uIW/zyg+K+5aNiKIphcdvHgBCdPL9dyOoqvaoNCLc:GlpAb1VOOuyan7+5wWSdv2CdPnqVol
Signatures:
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (5)
- Impair Defenses (4)
  - Disable or Modify Tools (3)
  - Disable or Modify System Firewall (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)