General

  • Target

    2024-05-18_8608b7e0d626c69f4e9d2196cedccaea_icedid_xiaobaminer

  • Size

    6.0MB

  • Sample

    240518-gp8vqaeg82

  • MD5

    8608b7e0d626c69f4e9d2196cedccaea

  • SHA1

    7e60b07109fe5f8a6c04a0ce321fe6db15689e42

  • SHA256

    34fc905c46766bea969a7d367f49b4f786f3fcf273543ef9e6b71f0a06128722

  • SHA512

    b5e0a8ce9e7941de720d846aef048049d5c4fd393b17acac4d37660989b1957c9345eb93ead8c37740fdc816ee491b4f4216e936f05676f654de84b14fec29de

  • SSDEEP

    49152:7+nenzcErNNQJLg3NCLT2PpYqcpYqB/KCGZd0qgNEf16lhulJLirHJIZ/K0tDAyN:cdUC+6Z6tWQtZ/K0tGOFWVRuLftCT

Malware Config

Targets

    • Target

      2024-05-18_8608b7e0d626c69f4e9d2196cedccaea_icedid_xiaobaminer

    • Size

      6.0MB

    • MD5

      8608b7e0d626c69f4e9d2196cedccaea

    • SHA1

      7e60b07109fe5f8a6c04a0ce321fe6db15689e42

    • SHA256

      34fc905c46766bea969a7d367f49b4f786f3fcf273543ef9e6b71f0a06128722

    • SHA512

      b5e0a8ce9e7941de720d846aef048049d5c4fd393b17acac4d37660989b1957c9345eb93ead8c37740fdc816ee491b4f4216e936f05676f654de84b14fec29de

    • SSDEEP

      49152:7+nenzcErNNQJLg3NCLT2PpYqcpYqB/KCGZd0qgNEf16lhulJLirHJIZ/K0tDAyN:cdUC+6Z6tWQtZ/K0tGOFWVRuLftCT

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
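Several of the flags above are persistent write or create artifacts (policy Run key, Run key, DisableRegistryTools, autorun.inf, files under Drivers and System32) and so can be rediscovered on a real host from Sysmon telemetry. The others (UAC check, country-code lookup, browser data reads, UAC bypass, executing and loading dropped files) are reads or execution and need different event types. The script below is an added example, not part of the report or of the sandbox's own signatures: it replays constructed Sysmon-style EventID 13 (value set) and EventID 11 (FileCreate) records against rules worded like the report's flags. The registry paths are the standard Windows locations for those settings; that the sandbox checks exactly these paths is an assumption, and the events are made up, not telemetry from this sample.

```python
"""Replay the report's behaviour flags against Sysmon-style events.

Constructed example: the events below are made up to resemble Sysmon
EventID 13 (RegistryEvent: value set) and EventID 11 (FileCreate) records;
they are not telemetry from the sample on this page.
"""
import re

# Constructed Sysmon-like events (assumption: field names follow Sysmon's
# TargetObject / Details / TargetFilename conventions).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\drop.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchelper",
     "Details": r"C:\ProgramData\svchelper.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\drop.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\drop.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\ProgramData\svchelper.exe"},
    {"EventID": 11, "Image": r"C:\ProgramData\svchelper.exe",
     "TargetFilename": r"E:\autorun.inf"},
    {"EventID": 11, "Image": r"C:\ProgramData\svchelper.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\xbm.sys"},
    # Benign noise: a user saving a document, and a policy value being reset to 0.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\user\Documents\notes.txt"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000000)"},
]

# (behaviour name as worded in the report, Sysmon EventID, target regex,
#  optional regex the Details field must also match)
RULES = [
    ("Adds policy Run key to start application", 13,
     re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$", re.I), None),
    ("Adds Run key to start application", 13,
     re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I), None),
    # DisableRegistryTools = 1 blocks regedit; 2 also blocks silent /s mode.
    # A value set back to 0 re-enables it and must not fire the rule.
    ("Disables RegEdit via registry modification", 13,
     re.compile(r"\\Policies\\System\\DisableRegistryTools$", re.I),
     re.compile(r"DWORD \(0x0*[12]\)$")),
    ("Drops autorun.inf file", 11,
     re.compile(r"^[A-Z]:\\autorun\.inf$", re.I), None),
    ("Drops file in Drivers directory", 11,
     re.compile(r"^C:\\Windows\\System32\\drivers\\", re.I), None),
    ("Drops file in System32 directory", 11,
     re.compile(r"^C:\\Windows\\System32\\", re.I), None),
]


def match_events(events):
    """Return {behaviour name: [matching events]} for the given events."""
    hits = {}
    for ev in events:
        target = ev.get("TargetObject") or ev.get("TargetFilename") or ""
        details = ev.get("Details", "")
        for name, event_id, target_re, details_re in RULES:
            if ev.get("EventID") != event_id or not target_re.search(target):
                continue
            if details_re is not None and not details_re.search(details):
                continue
            hits.setdefault(name, []).append(ev)
    return hits


def behaviours(events):
    """Sorted list of behaviour names observed, in the report's wording."""
    return sorted(match_events(events))


if __name__ == "__main__":
    for name, evs in match_events(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

A file under System32\drivers legitimately fires both the Drivers and the System32 rule, which is why the report lists both; the DisableRegistryTools rule keys on the written value so that a policy reset to 0 is not reported as a disable.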

MITRE ATT&CK Enterprise v15

Tasks