General
-
Target
2024-05-18_75d17082814ba560ca13f80e835d8e57_icedid_xiaobaminer
-
Size
4.3MB
-
Sample
240518-glxchsef2t
-
MD5
75d17082814ba560ca13f80e835d8e57
-
SHA1
d22b130faecd99338f4e9d886420b3f110f94180
-
SHA256
77315635755479164a7588a7aae8dbfe0f477fb530747ae01d15577fe1794f97
-
SHA512
e0df67340d5f7b93137be133e44ee96fa17b92b06f6e2927b9be8867fba7825f11c6c7b820d7a1bc8e428d913f4c60828dd5b5d3b9c23ea525e076aeb4832e3e
-
SSDEEP
49152:7+nenzcErNNQJLg3NCLT2PpYqcpYqB+Cq99LyHHI+t6O8N+ailEy6dmpzeioK2ek:cdUC+6Z6J0oAaldmdmnp
Behavioral task
behavioral1
Sample
2024-05-18_75d17082814ba560ca13f80e835d8e57_icedid_xiaobaminer.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
2024-05-18_75d17082814ba560ca13f80e835d8e57_icedid_xiaobaminer
-
Size
4.3MB
-
MD5
75d17082814ba560ca13f80e835d8e57
-
SHA1
d22b130faecd99338f4e9d886420b3f110f94180
-
SHA256
77315635755479164a7588a7aae8dbfe0f477fb530747ae01d15577fe1794f97
-
SHA512
e0df67340d5f7b93137be133e44ee96fa17b92b06f6e2927b9be8867fba7825f11c6c7b820d7a1bc8e428d913f4c60828dd5b5d3b9c23ea525e076aeb4832e3e
-
SSDEEP
49152:7+nenzcErNNQJLg3NCLT2PpYqcpYqB+Cq99LyHHI+t6O8N+ailEy6dmpzeioK2ek:cdUC+6Z6J0oAaldmdmnp
-
Detect Blackmoon payload
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2