General

  • Target

    2024-10-17_6ca480efc6bbd9827cfa7d91031d6c8f_hijackloader_icedid

  • Size

    3.7MB

  • Sample

    241017-1tk41ayeqg

  • MD5

    6ca480efc6bbd9827cfa7d91031d6c8f

  • SHA1

    49e758f1495425a226178c4ad10f1dd2bf5efc57

  • SHA256

    751667587c73d0982ae5d9bf65bce904e5d25de3969300b3f18e03d5c8534b78

  • SHA512

    d3ce3c0c25c401a75ee4610ab4f182567e7dac08cfabfe43e22062b5f74fd7a9ae9b78d5eeddc1b3e58f0de9e4c75754eeb8b7868990c04cc70ac0cfff80df33

  • SSDEEP

    98304:ykCuRfMMMMM2MMMMMARfMMMMM2MMMMMR0oAaldmdmnpNmi78gkwo:bKmd0u

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks