General

  • Target

    2023-08-26_e8df7f21de1a5b5c02f7a938248a4eee_icedid_JC.exe

  • Size

    4.0MB

  • Sample

    231010-zpfs2scd83

  • MD5

    e8df7f21de1a5b5c02f7a938248a4eee

  • SHA1

    78aeba0b6170d8b8ef9890e131cd85d7e68a3b2d

  • SHA256

    92a9266a0c9d6a31670cd87db06f10fa65b936c77e6e94a38e86219f91df3098

  • SHA512

    faec10b43975f7f46c0ad3dccd7d008d372bc7d187cf1e9e2bf564949240a30aeeeb3c97a2b59a497eaa815f6e75cc30c2d4e95da3dd1f8f1f3824c974f60acf

  • SSDEEP

    98304:ALkCqK9jITuvn4LNfYWVV0FLOAkGkzdnEVomFHKnPn:UkCqM5AnV0FLOyomFHKnPn

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks