General

  • Target

    2024-06-06_80b0f2065e672f6dad246cfeca7152fc_icedid

  • Size

    11.2MB

  • Sample

    240606-q6z4ksfh76

  • MD5

    80b0f2065e672f6dad246cfeca7152fc

  • SHA1

    be89d76f468a0ef5b2332ce2e096e9ab979ddc31

  • SHA256

    7ad3c0289a7aa806b9def6b750899056d9e224c81186eab0d0841e6236f2ccba

  • SHA512

    d071b0bda246973a7ab46aed0ec8f9cc5688cdc84684169a0a5cac2dc180972718e1d7f8fa23997490780964e91842084ed3c4a18465a35b707a918f41c46334

  • SSDEEP

    196608:Tkgtoc6puDkMzbmaYgWF9KV3SDCA7XmncL+k8tu3rvTwOs6:IgtocIuDG9rK0DCuGi8I3rvTwOs6

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15