General

  • Target

    2024-06-21_1e8a2685e7a5f270ae24c1085a7cf5e3_icedid_sakula

  • Size

    20.9MB

  • Sample

    240621-ygvrkavarn

  • MD5

    1e8a2685e7a5f270ae24c1085a7cf5e3

  • SHA1

    216544275b053b2c177a75a30984ca04de6f2805

  • SHA256

    e1abb1a6483ac5b7b593f5d3e798a9a9df6cab4a978cb977f1d91704df682bc7

  • SHA512

    2a57c85a775946a04877763739f6da20e6e62b59872824429fe0c5b7f589e0f54e8f04a57f3aed18c4e98509ae0967f8b578ab9ce1fdc6a919299cafe1e84eb6

  • SSDEEP

    196608:nJ+kISLa1I6aEromRQsVm2vbDbRYQmCll:JMSLa1IvEUmOsVm2vbDa7C

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks