General

  • Target

    2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim

  • Size

    3.1MB

  • Sample

    241025-qsgeba1ekl

  • MD5

    64bf0cc952e3709e7b47e411780a94c8

  • SHA1

    ce17b54a681c1b7ad11a426ef1b8965303c1da38

  • SHA256

    23d959b6953113b4c9b674c6f8eb41d65e8504d3db4f8c3045df4a59563b2c7b

  • SHA512

    0e08968828f0eb2b89bcf297be3e250e31520c2ee78128a36fc2a3d83f0c93dff27f953385c2fa38b3be491d5cb27748c17e882786f33aad6d15c4340d0eefd1

  • SSDEEP

    98304:4MDtIXLr06AdfEThF35Pzu7Q9mbkqKkodM3:ormEdF3iQ9mgqKkV

Targets

    • Target

      2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15