General

  • Target

    2024-10-30_06b67cc52aac9760dd6c080cb5cb66a1_icedid_xmrig

  • Size

    28.4MB

  • Sample

    241030-2d2x9a1mbt

  • MD5

    06b67cc52aac9760dd6c080cb5cb66a1

  • SHA1

    c18bd2341c3cc71cf553fe07f5ade591e5d4b9f2

  • SHA256

    02003aaf5590a8ddc8245b201325af5355f88cc64a5b29e5522a79bcf5fa5275

  • SHA512

    35e13d7a3846719d427cbece9836627d9ca7e6f10d81a67999bac90d0517b69f5da5c27146e98921ee5819f997853665d956d837b194be4a3b8c24fe885dfaea

  • SSDEEP

    393216:dFgR7ijN75MiBcFgR7ijN75MiBwR6ozb1ZbMrB8LwL4Pkq6EmeyDv9f:giB75MqxiB75Mqw8+n88LwLDqDm7Dv

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks