General
Target: 2024-06-30_e37618892626119e136d078750cf0b29_icedid
Size: 997KB
Sample: 240630-r383razblb
MD5: e37618892626119e136d078750cf0b29
SHA1: 21745b67e2898529aa2f7b51a963c9503bc952b8
SHA256: 3634a88f7a6b0e230949c1fb0eb44b87443ddb07d2249f25ece6e769272bf9d9
SHA512: 8f8a8c3b2f1f138b85e7a76967c2381e298d095f933b23b1cba18e19d9b4ecff59169b3646d68642a2e3f1067b6ff617acbff17e96bf5702a1e73eeef5769b48
SSDEEP: 12288:Fas44a+GJczba9J8DxzXa8JmG4WjoLg+XV28f7Wy1Z:Fe4arcO8DRtsxWag6jWyz
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-30_e37618892626119e136d078750cf0b29_icedid.exe
Resource: win7-20231129-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
- Modifies firewall policy service
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Create or Modify System Process: 1
  - Windows Service: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
Defense Evasion
- Modify Registry: 6
- Impair Defenses: 4
  - Disable or Modify Tools: 3
  - Disable or Modify System Firewall: 1
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1