General

  • Target

    2024-10-25_b25f2f6e63a4d4f34c422564d55c4b63_icedid_nymaim

  • Size

    3.1MB

  • Sample

    241025-mm8ptsyhlp

  • MD5

    b25f2f6e63a4d4f34c422564d55c4b63

  • SHA1

    18392d3e76bb71aab2c30ee536aca258fe517d8d

  • SHA256

    ca6a873a23157e572f95ccfe37d71c45de69a6f67d6c5bebd38258e3d5309ba7

  • SHA512

    d439ac31cef582fee483836e49fa9689f0e8ae60cb4c212043fb77a520692ea2bcc16603b86090d54376d53b6ca2c52ec80875adada133af2205d3b611791854

  • SSDEEP

    98304:IMDtIXLr06AdfEThF35PzuWfj8rqPYdMT:YrmEdF3HfYrqPR

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.
