General
Target: 2024-10-25_b25f2f6e63a4d4f34c422564d55c4b63_icedid_nymaim
Size: 3.1MB
Sample: 241025-mm8ptsyhlp
MD5: b25f2f6e63a4d4f34c422564d55c4b63
SHA1: 18392d3e76bb71aab2c30ee536aca258fe517d8d
SHA256: ca6a873a23157e572f95ccfe37d71c45de69a6f67d6c5bebd38258e3d5309ba7
SHA512: d439ac31cef582fee483836e49fa9689f0e8ae60cb4c212043fb77a520692ea2bcc16603b86090d54376d53b6ca2c52ec80875adada133af2205d3b611791854
SSDEEP: 98304:IMDtIXLr06AdfEThF35PzuWfj8rqPYdMT:YrmEdF3HfYrqPR
Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-25_b25f2f6e63a4d4f34c422564d55c4b63_icedid_nymaim.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: 2024-10-25_b25f2f6e63a4d4f34c422564d55c4b63_icedid_nymaim.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target
2024-10-25_b25f2f6e63a4d4f34c422564d55c4b63_icedid_nymaim
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-