General
Target: 2024-10-17_6ca480efc6bbd9827cfa7d91031d6c8f_hijackloader_icedid
Size: 3.7MB
Sample: 241017-1tk41ayeqg
MD5: 6ca480efc6bbd9827cfa7d91031d6c8f
SHA1: 49e758f1495425a226178c4ad10f1dd2bf5efc57
SHA256: 751667587c73d0982ae5d9bf65bce904e5d25de3969300b3f18e03d5c8534b78
SHA512: d3ce3c0c25c401a75ee4610ab4f182567e7dac08cfabfe43e22062b5f74fd7a9ae9b78d5eeddc1b3e58f0de9e4c75754eeb8b7868990c04cc70ac0cfff80df33
SSDEEP: 98304:ykCuRfMMMMM2MMMMMARfMMMMM2MMMMMR0oAaldmdmnpNmi78gkwo:bKmd0u
Behavioral task: behavioral1
Sample: 2024-10-17_6ca480efc6bbd9827cfa7d91031d6c8f_hijackloader_icedid.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 2024-10-17_6ca480efc6bbd9827cfa7d91031d6c8f_hijackloader_icedid
Signatures
- Detect Blackmoon payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)