General

  • Target

    2024-06-20_30c9bffeef7c5598279030e7e5675547_icedid_magniber_sakula

  • Size

    24.1MB

  • Sample

    240620-qbav7syeqc

  • MD5

    30c9bffeef7c5598279030e7e5675547

  • SHA1

    ddc2de804fcb5d0a7f44ffc69993167d1914bb11

  • SHA256

    6dda09e05bb1bed63f13b5d5d34fa8acae55e45ed25da06cf2ca1d20152fad2f

  • SHA512

    74e9d923a5a8d8e1b231d35d4edb85fb3e6c0b11c79e79be59bd2a93bea8288099c58bfcabf9379f1fa754d16be85a5e6ba2aa0a3794c17c62591d4aba20bff7

  • SSDEEP

    786432:Mci1BEnvQu7vja8IDKrZMu4GwjSB6QJekq/n5Bt5Q:McCu7v2jKrWuPwjq6ga5O

Malware Config

Targets

    • Target

      2024-06-20_30c9bffeef7c5598279030e7e5675547_icedid_magniber_sakula

    • Size

      24.1MB

    • MD5

      30c9bffeef7c5598279030e7e5675547

    • SHA1

      ddc2de804fcb5d0a7f44ffc69993167d1914bb11

    • SHA256

      6dda09e05bb1bed63f13b5d5d34fa8acae55e45ed25da06cf2ca1d20152fad2f

    • SHA512

      74e9d923a5a8d8e1b231d35d4edb85fb3e6c0b11c79e79be59bd2a93bea8288099c58bfcabf9379f1fa754d16be85a5e6ba2aa0a3794c17c62591d4aba20bff7

    • SSDEEP

      786432:Mci1BEnvQu7vja8IDKrZMu4GwjSB6QJekq/n5Bt5Q:McCu7v2jKrWuPwjq6ga5O

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload only runs in its target region.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (the Add/Remove Programs entries) to discover which software is installed on the system.
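
The two registry lookups flagged above (the location check and the Uninstall-key enumeration) can be reproduced offline when triaging a host. The following Python is an added example, not code from the Triage report or from the sample: it parses a constructed `reg export` dump rather than a live registry, assumes the location check reads `HKCU\Control Panel\International\Geo` (the key Windows uses for the configured location) and that the fence is on South Korea (GeoID 134, an assumption drawn from the KrBanker name rather than anything this report shows), and lists `DisplayName` entries under the standard Uninstall keys the way Add/Remove Programs does.

```python
"""Offline reproduction of the two registry lookups flagged in the report.

Added example: parses a .reg export (as produced by `reg export`) instead of
touching a live registry, so it runs anywhere. The country GeoID and the
software list are constructed test data, not values from the real sample.
"""
import re

# Constructed .reg dump standing in for a victim host's registry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="134"
"Name"="KR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 23.01 (x64)"
"DisplayVersion"="23.01"
"UninstallString"="\"C:\\Program Files\\7-Zip\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD-1234}]
"DisplayName"="Example Tool 1.0"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB9999999]
"ParentKeyName"="Something"
'''

# `"name"=value` or `@=value` (default value); names may contain escaped quotes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def decode_value(raw):
    """Decode REG_SZ (quoted, with \\ and \" escapes) and REG_DWORD; pass others through."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(["\\])', r'\1', raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_reg(text):
    """Return {key path: {value name: value}} for a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else ""
            keys[current][name] = decode_value(m.group(2))
    return keys


GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
KOREA_GEOID = 134  # Windows GeoID for Korea (South); assumed target of this fence


def configured_geoid(keys):
    """GeoID from the Geo\\Nation value (stored as a decimal string), or None."""
    nation = keys.get(GEO_KEY, {}).get("Nation")
    return int(nation) if isinstance(nation, str) and nation.isdigit() else None


def passes_geofence(keys, wanted=KOREA_GEOID):
    """True when the host's configured location matches the fenced GeoID."""
    return configured_geoid(keys) == wanted


UNINSTALL_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall",
    r"hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkey_current_user\software\microsoft\windows\currentversion\uninstall",
}


def installed_software(keys, include_hidden=False):
    """(DisplayName, DisplayVersion) for each Uninstall subkey, like Add/Remove Programs."""
    found = []
    for path, values in keys.items():
        parent, _, _subkey = path.rpartition("\\")
        if parent.lower() not in UNINSTALL_KEYS:
            continue
        name = values.get("DisplayName")
        if not name:
            continue  # patches and internal entries have no DisplayName
        if not include_hidden and values.get("SystemComponent") == 1:
            continue  # SystemComponent=1 hides the entry from Add/Remove Programs
        found.append((name, values.get("DisplayVersion")))
    return sorted(found)


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    print("GeoID:", configured_geoid(reg), "fence passes:", passes_geofence(reg))
    for name, version in installed_software(reg, include_hidden=True):
        print("installed:", name, version)
```

Point the parser at a real `reg export HKCU\"Control Panel\International" geo.reg` and `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall sw.reg` (these exports are UTF-16LE, so open them with that encoding) to see exactly what the sample would have observed on a given host, and whether its geofence would have let it proceed.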

MITRE ATT&CK Enterprise v15

Tasks