General

  • Target

    2024-06-06_fa26cfd5a2f621c95254e4f5ed6debae_icedid

  • Size

    11.2MB

  • Sample

    240606-q5w1jaeh9x

  • MD5

    fa26cfd5a2f621c95254e4f5ed6debae

  • SHA1

    10e126aa69021a3de33bd9e1d67bf5258b10bc9a

  • SHA256

    3b4948df3b46a9f63d0ee48b73794b1ff6cbfd15531566c671746fe6c9ffd961

  • SHA512

    3cb619b0fbd7eeaef79c39c49c34b8d0258100d879394064e5247f1865d517bf17c3d5b08fd63f3a7bef9ab035bac064f4124ade81d0599abcfcf4f6cf446330

  • SSDEEP

    196608:2Qbu3rvVtoc6puDkMzbmaYgWF9KV3SDCA7XmZcL+k8zwFs6:r63rvVtocIuDG9rK0DCuSi8zwFs6

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks