General
-
Target
2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim
-
Size
3.1MB
-
Sample
241025-qsgeba1ekl
-
MD5
64bf0cc952e3709e7b47e411780a94c8
-
SHA1
ce17b54a681c1b7ad11a426ef1b8965303c1da38
-
SHA256
23d959b6953113b4c9b674c6f8eb41d65e8504d3db4f8c3045df4a59563b2c7b
-
SHA512
0e08968828f0eb2b89bcf297be3e250e31520c2ee78128a36fc2a3d83f0c93dff27f953385c2fa38b3be491d5cb27748c17e882786f33aad6d15c4340d0eefd1
-
SSDEEP
98304:4MDtIXLr06AdfEThF35Pzu7Q9mbkqKkodM3:ormEdF3iQ9mgqKkV
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-10-25_64bf0cc952e3709e7b47e411780a94c8_icedid_nymaim
-
Size
3.1MB
-
MD5
64bf0cc952e3709e7b47e411780a94c8
-
SHA1
ce17b54a681c1b7ad11a426ef1b8965303c1da38
-
SHA256
23d959b6953113b4c9b674c6f8eb41d65e8504d3db4f8c3045df4a59563b2c7b
-
SHA512
0e08968828f0eb2b89bcf297be3e250e31520c2ee78128a36fc2a3d83f0c93dff27f953385c2fa38b3be491d5cb27748c17e882786f33aad6d15c4340d0eefd1
-
SSDEEP
98304:4MDtIXLr06AdfEThF35Pzu7Q9mbkqKkodM3:ormEdF3iQ9mgqKkV
-
Xmrig family
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-