General

  • Target

    2024-10-17_177a756c855db11bfe008ee341ec6a1a_hijackloader_icedid

  • Size

    7.4MB

  • Sample

    241017-1l47xaybmf

  • MD5

    177a756c855db11bfe008ee341ec6a1a

  • SHA1

    524808589ffb06b2d50bc38a4b930436a0cbccfa

  • SHA256

    053d108b9b78c2c0b9be707a38774375dd63c0825848bc8da4f628e70fb9c781

  • SHA512

    16ee6aed9a98bf96d2ead548fade0e996b2ea2d24a52a4ed3cf37eb4e97a16144c5def39a416840727b7d03c6f3cf477a8168848d28614712f073f8cca449b0e

  • SSDEEP

    98304:ykCuRfMMMMM2MMMMMARfMMMMM2MMMMMa2UgXq9ouFkULGyqobNq1Mft5rG6uPO2q:32S9+ULdNPtbuPZOOmnqogHh/+

Malware Config

Targets

    • Target

      2024-10-17_177a756c855db11bfe008ee341ec6a1a_hijackloader_icedid

    • Size

      7.4MB

    • MD5

      177a756c855db11bfe008ee341ec6a1a

    • SHA1

      524808589ffb06b2d50bc38a4b930436a0cbccfa

    • SHA256

      053d108b9b78c2c0b9be707a38774375dd63c0825848bc8da4f628e70fb9c781

    • SHA512

      16ee6aed9a98bf96d2ead548fade0e996b2ea2d24a52a4ed3cf37eb4e97a16144c5def39a416840727b7d03c6f3cf477a8168848d28614712f073f8cca449b0e

    • SSDEEP

      98304:ykCuRfMMMMM2MMMMMARfMMMMM2MMMMMa2UgXq9ouFkULGyqobNq1Mft5rG6uPO2q:32S9+ULdNPtbuPZOOmnqogHh/+

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks