General

  • Target

    2024-05-18_75d17082814ba560ca13f80e835d8e57_icedid_xiaobaminer

  • Size

    4.3MB

  • Sample

    240518-glxchsef2t

  • MD5

    75d17082814ba560ca13f80e835d8e57

  • SHA1

    d22b130faecd99338f4e9d886420b3f110f94180

  • SHA256

    77315635755479164a7588a7aae8dbfe0f477fb530747ae01d15577fe1794f97

  • SHA512

    e0df67340d5f7b93137be133e44ee96fa17b92b06f6e2927b9be8867fba7825f11c6c7b820d7a1bc8e428d913f4c60828dd5b5d3b9c23ea525e076aeb4832e3e

  • SSDEEP

    49152:7+nenzcErNNQJLg3NCLT2PpYqcpYqB+Cq99LyHHI+t6O8N+ailEy6dmpzeioK2ek:cdUC+6Z6J0oAaldmdmnp

Malware Config

Targets

    • Target

      2024-05-18_75d17082814ba560ca13f80e835d8e57_icedid_xiaobaminer

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks