General
-
Target
2024-03-02_3ed3e409956b3dbf64f468c21db42827_icedid_xmrig
-
Size
28.2MB
-
Sample
240302-3p8evaah69
-
MD5
3ed3e409956b3dbf64f468c21db42827
-
SHA1
5598bddd81f0766c7dcde51b0b87896457fe24b5
-
SHA256
79e795fc0d5c20c1598dfae04da6d8d15a1d0d336beef91e4b26721d6f720e49
-
SHA512
6e7065373adc997cac79daf12b81f398a0692d0baba6fe28c208fd1885b6a47991ee80b964867e9d55d5e743c1611bb26e7abf9356eb128dec332613d400cad7
-
SSDEEP
393216:dFgRfW+1WeWyGMR+mFgRfW+1WeWyGMR+dqh0Ttzt7:CBoBYqh0TFh
Behavioral task
behavioral1
Sample
2024-03-02_3ed3e409956b3dbf64f468c21db42827_icedid_xmrig.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
2024-03-02_3ed3e409956b3dbf64f468c21db42827_icedid_xmrig
-
Size
28.2MB
-
MD5
3ed3e409956b3dbf64f468c21db42827
-
SHA1
5598bddd81f0766c7dcde51b0b87896457fe24b5
-
SHA256
79e795fc0d5c20c1598dfae04da6d8d15a1d0d336beef91e4b26721d6f720e49
-
SHA512
6e7065373adc997cac79daf12b81f398a0692d0baba6fe28c208fd1885b6a47991ee80b964867e9d55d5e743c1611bb26e7abf9356eb128dec332613d400cad7
-
SSDEEP
393216:dFgRfW+1WeWyGMR+mFgRfW+1WeWyGMR+dqh0Ttzt7:CBoBYqh0TFh
-
Detect Blackmoon payload
-
XMRig Miner payload
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2