General
Target: 2024-10-17_177a756c855db11bfe008ee341ec6a1a_hijackloader_icedid
Size: 7.4MB
Sample: 241017-1l47xaybmf
MD5: 177a756c855db11bfe008ee341ec6a1a
SHA1: 524808589ffb06b2d50bc38a4b930436a0cbccfa
SHA256: 053d108b9b78c2c0b9be707a38774375dd63c0825848bc8da4f628e70fb9c781
SHA512: 16ee6aed9a98bf96d2ead548fade0e996b2ea2d24a52a4ed3cf37eb4e97a16144c5def39a416840727b7d03c6f3cf477a8168848d28614712f073f8cca449b0e
SSDEEP: 98304:ykCuRfMMMMM2MMMMMARfMMMMM2MMMMMa2UgXq9ouFkULGyqobNq1Mft5rG6uPO2q:32S9+ULdNPtbuPZOOmnqogHh/+
Behavioral task: behavioral1
Sample: 2024-10-17_177a756c855db11bfe008ee341ec6a1a_hijackloader_icedid.exe
Resource: win7-20240903-en
Malware Config: none reported
Targets
Target: 2024-10-17_177a756c855db11bfe008ee341ec6a1a_hijackloader_icedid
Size: 7.4MB (hashes as listed under General)
- Detect Blackmoon payload
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check before the payload runs.
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
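The behaviours listed above are sandbox signatures fired by individual registry, file and process events. The following is an added example (not part of the sandbox report, and not code from the sample or the sandbox vendor) that replays a constructed Process Monitor-style event log and reproduces four of those signatures as detection logic, including the correlation needed for "Executes dropped EXE" (a process created from a path the sample wrote earlier). The registry key used for the geofence check, HKCU\Control Panel\International\Geo\Nation, and the column layout of the events are assumptions; all paths and values in the log are invented.

```python
"""Triage constructed Procmon-style events for the report's behaviour signatures.

Added example, not part of the sandbox report. The registry key used for the
geofence check (HKCU\\Control Panel\\International\\Geo\\Nation) is an
assumption about what the signature keys on; the event log is constructed.
"""
import csv
import io
import re

# Constructed events modelled on Process Monitor's CSV export (trimmed columns).
# None of these paths, names or values come from the report.
SAMPLE_EVENTS = """\
Process Name,PID,Operation,Path,Result,Detail
sample.exe,1234,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS,Type: REG_SZ; Data: 244
sample.exe,1234,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run,SUCCESS,
sample.exe,1234,CreateFile,C:\\,SUCCESS,Desired Access: Read Attributes
sample.exe,1234,CreateFile,D:\\,SUCCESS,Desired Access: Read Attributes
sample.exe,1234,CreateFile,E:\\,NAME NOT FOUND,Desired Access: Read Attributes
sample.exe,1234,CreateFile,C:\\Windows\\System32\\dropped.dll,SUCCESS,Desired Access: Generic Write
sample.exe,1234,WriteFile,C:\\Windows\\System32\\dropped.dll,SUCCESS,Offset: 0; Length: 4096
sample.exe,1234,WriteFile,C:\\Users\\Public\\helper.exe,SUCCESS,Offset: 0; Length: 8192
sample.exe,1234,Process Create,C:\\Users\\Public\\helper.exe,SUCCESS,PID: 1240
"""

# Assumed key behind "Checks computer location settings" (GeoID of the configured nation).
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.IGNORECASE)
# A bare drive root such as "D:\"; the report's signature excludes the default C: drive.
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

SIGNATURES = (
    "Checks computer location settings",
    "Enumerates connected drives",
    "Drops file in System32 directory",
    "Executes dropped EXE",
)


def triage_events(csv_text):
    """Map each report signature to the event paths that triggered it."""
    hits = {name: [] for name in SIGNATURES}
    written = set()  # lower-cased paths the process has written, for drop->execute correlation
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path, result = row["Operation"], row["Path"], row["Result"]
        lower = path.lower()

        # Geofence: the sample reads the configured country code from the registry.
        if op == "RegQueryValue" and GEO_KEY_RE.search(path):
            hits["Checks computer location settings"].append(path)

        # Drive enumeration: any attempt (successful or not) to open a non-C: root.
        m = DRIVE_ROOT_RE.match(path)
        if op in ("CreateFile", "QueryDirectory") and m and m.group(1).upper() != "C":
            hits["Enumerates connected drives"].append(path)

        # Drops: successful writes; remember them so a later Process Create can be tied back.
        if op == "WriteFile" and result == "SUCCESS":
            written.add(lower)
            if lower.startswith(SYSTEM32_PREFIX):
                hits["Drops file in System32 directory"].append(path)

        # Executes dropped EXE: a process is created from a path this process wrote earlier.
        if op == "Process Create" and lower in written:
            hits["Executes dropped EXE"].append(path)
    return hits


def matched_signatures(csv_text):
    """Names of the report signatures that fire on the given events, in report order."""
    hits = triage_events(csv_text)
    return [name for name in SIGNATURES if hits[name]]


if __name__ == "__main__":
    for name, evidence in triage_events(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence or 'no hit'}")
```

The drive-enumeration rule deliberately counts the failed open of E:\ as well as the successful one of D:\, because the signature is about the attempt, not the outcome; the drop-then-execute correlation is what separates "Executes dropped EXE" from an ordinary child-process launch.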
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): 1 signature; sub-technique Credentials from Web Browsers (T1555.003): 1 signature
- Unsecured Credentials (T1552): 1 signature; sub-technique Credentials In Files (T1552.001): 1 signature