General

  • Target

    2024-06-21_5e8497ab23c7248322947a32146e0a65_icedid

  • Size

    5.2MB

  • Sample

    240621-1xv4dasejc

  • MD5

    5e8497ab23c7248322947a32146e0a65

  • SHA1

    ce70416240b42b1a1e9189dc7cc51bfb0c08d793

  • SHA256

    fe957858e35ad2f0dc4274d8caf37c45d78aaf38dff217b2055f005b4c320435

  • SHA512

    ce6e260a772fc09765d6186596fff06d9c787c2afc91836f9b1f5222004a38ab552a4754fb8c82b7efd0ffbbbe87b4f18f7d0de786ca3f44cc250388b4a9c351

  • SSDEEP

    98304:lWfa68HpfUWa3O2i5qBQ5dyU6p/8MKja8lldMQRtP5SbWf+YFC70jqdaElk7CllN:7Qs+iNQaf+HgG4Elk7CllAlql6uH

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks