Overview

overview

10

Static

static

10

2024-06-30...id.exe

windows7-x64

9

2024-06-30...id.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-06-30_c2b355abe814f11a1e59b75092ab6690_hacktools_icedid

  • Size

    18.6MB

  • Sample

    240630-prbl1a1dnq

  • MD5

    c2b355abe814f11a1e59b75092ab6690

  • SHA1

    a6a0ed15388f17396a6530c3896cc25ce531cbc9

  • SHA256

    06ace6c2455cb84c5a0e86adc50ba61c6988dd3fd07122fa6151b6657b4a5fb4

  • SHA512

    19c3c5ca9240c1ac0e031a0044f0aafdf09e56662173fc6933b23491fc44531770ee4aab77643e95d4da9774d688c628e4cd2f405dd737b141e89e3664314d1b

  • SSDEEP

    393216:8Fr8rykk0l+tDJARmvLvPmzWrH5eg+P/krIEwp:6r8rykHRmqzW19+P/krIEg

Score
10/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      2024-06-30_c2b355abe814f11a1e59b75092ab6690_hacktools_icedid

    • Size

      18.6MB

    • MD5

      c2b355abe814f11a1e59b75092ab6690

    • SHA1

      a6a0ed15388f17396a6530c3896cc25ce531cbc9

    • SHA256

      06ace6c2455cb84c5a0e86adc50ba61c6988dd3fd07122fa6151b6657b4a5fb4

    • SHA512

      19c3c5ca9240c1ac0e031a0044f0aafdf09e56662173fc6933b23491fc44531770ee4aab77643e95d4da9774d688c628e4cd2f405dd737b141e89e3664314d1b

    • SSDEEP

      393216:8Fr8rykk0l+tDJARmvLvPmzWrH5eg+P/krIEwp:6r8rykHRmqzW19+P/krIEg

    Score
    9/10
    bootkitpersistenceupx

    • UPX dump on OEP (original entry point)

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks