General

  • Target

    2024-10-16_fea7bda1038f139cd51d66430a0e2eed_hacktools_icedid

  • Size

    2.0MB

  • Sample

    241016-y5hf5svanp

  • MD5

    fea7bda1038f139cd51d66430a0e2eed

  • SHA1

    332eec50535b21cb847498574a766b21a6d639b8

  • SHA256

    cb2cf00879a12699c3a12483688318c2e1949a8276dd52d6ab38aede7c878fc7

  • SHA512

    9c0c2b6f209183439b6c0643abd7bc472180246dfcf4da6343ed1f63b9503db8b6ad8b6218ac48d23b8c1cb71dd5088beeb0ece04e32796780289902a8471d41

  • SSDEEP

    24576:PSH25PwcN2jx23LdZNtWFKVKIdaY5VFt1LuqJhDqGFeyUQPurCD8JYjSK5EC3:PlDoOTNtGKoIvfuRVy/Pur2Mg3

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks