9a60e613b70467db82811e0be852e3dac470b3badc8ea6e797d2c6ac218009e9 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2024-07-01...id.exe

windows7-x64

9

2024-07-01...id.exe

windows10-2004-x64

9

Sharing

General

Target

2024-07-01_444989dd6a995373a70e6228776e5262_floxif_icedid
Size

2.6MB
Sample

240701-f2j7fs1anm
MD5

444989dd6a995373a70e6228776e5262
SHA1

297c74273980378ca22df9d897826a2dd8aef183
SHA256

9a60e613b70467db82811e0be852e3dac470b3badc8ea6e797d2c6ac218009e9
SHA512

a33fc9138380e32d24eadbb27e40434e132938642a483255b0e19ea7fff26be4d0759d533139a5223943744c431115381a72e4a682691090d82fdf00d9923c96
SSDEEP

24576:2+WIbkr+zIOlaU5YZoTqEPDwbMwq1dn+Zu7HkroLAZ7ERPveW8VYA2wH572BlzEM:cC59XVgu7HiOAZ7SXeW8zGUO

Score

9^/10

bootkit persistence privilege_escalation upx

Static task

static1

Behavioral task

behavioral1

Sample

2024-07-01_444989dd6a995373a70e6228776e5262_floxif_icedid.exe

Resource

win7-20240221-en

bootkit persistence privilege_escalation upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-07-01_444989dd6a995373a70e6228776e5262_floxif_icedid.exe

Resource

win10v2004-20240508-en

bootkit persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-07-01_444989dd6a995373a70e6228776e5262_floxif_icedid
- Size
  
  2.6MB
- MD5
  
  444989dd6a995373a70e6228776e5262
- SHA1
  
  297c74273980378ca22df9d897826a2dd8aef183
- SHA256
  
  9a60e613b70467db82811e0be852e3dac470b3badc8ea6e797d2c6ac218009e9
- SHA512
  
  a33fc9138380e32d24eadbb27e40434e132938642a483255b0e19ea7fff26be4d0759d533139a5223943744c431115381a72e4a682691090d82fdf00d9923c96
- SSDEEP
  
  24576:2+WIbkr+zIOlaU5YZoTqEPDwbMwq1dn+Zu7HkroLAZ7ERPveW8VYA2wH572BlzEM:cC59XVgu7HiOAZ7SXeW8zGUO
Score

9^/10

bootkit persistence privilege_escalation upx
- UPX dump on OEP (original entry point)
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Pre-OS Boot

Bootkit

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistenceprivilege_escalationupx

behavioral2

bootkitpersistenceupx

© 2018-2024

Terms | Privacy