General

  • Target

    2024-12-24_e2f07d2eddbbb2178e2acc93abda9d13_icedid_xmrig

  • Size

    8.6MB

  • Sample

    241224-3eae3a1jgr

  • MD5

    e2f07d2eddbbb2178e2acc93abda9d13

  • SHA1

    db621972fa9af38093da909447c6a25b660b62ca

  • SHA256

    a774b82114002548885e4ca8bfa15756f7457948b887fe934253b2e071c9762a

  • SHA512

    1c57a520bb91a7f1397c6bf2053ba5e3daaa611039e3b52577a7a0237517eb6ca2cc6cd1e6744364dd759bfba73e0a400a340f1a3934dfd5f2bcca21b72081ed

  • SSDEEP

    98304:dvfapmo1Y4+6Y7SOEfX/SbgRya1ZPYtAOa5nBnEQWowKhTaFk5nBnEQWoYIsaOyW:da9+6Y7SOEibgR/rBTdTaIBTYSOyCz

Malware Config

Targets

    • Target

      2024-12-24_e2f07d2eddbbb2178e2acc93abda9d13_icedid_xmrig

    • Size

      8.6MB

    • MD5

      e2f07d2eddbbb2178e2acc93abda9d13

    • SHA1

      db621972fa9af38093da909447c6a25b660b62ca

    • SHA256

      a774b82114002548885e4ca8bfa15756f7457948b887fe934253b2e071c9762a

    • SHA512

      1c57a520bb91a7f1397c6bf2053ba5e3daaa611039e3b52577a7a0237517eb6ca2cc6cd1e6744364dd759bfba73e0a400a340f1a3934dfd5f2bcca21b72081ed

    • SSDEEP

      98304:dvfapmo1Y4+6Y7SOEfX/SbgRya1ZPYtAOa5nBnEQWowKhTaFk5nBnEQWoYIsaOyW:da9+6Y7SOEibgR/rBTdTaIBTYSOyCz

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
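
As an added example (not code from the Triage report, and not code recovered from the sample), the following Python maps a sandbox behaviour trace onto the signatures listed above: IFEO injection, Run-key persistence, the UAC and location-setting lookups, System32 drops and execution of a dropped file. The registry locations are the documented Windows ones; the event trace, the file name dropped.exe and the choice of sethc.exe as the hijacked image are constructed placeholders and carry no data from the analysed file.

```python
"""Map a sandbox behaviour trace to the signatures listed in the report above.

Added example, not code from the Triage report or from the sample. The
registry paths are the documented Windows locations of each setting; the
event trace at the bottom is constructed for illustration and contains no
data from the analysed file.
"""
from dataclasses import dataclass
from ntpath import normcase  # Windows-style case folding; pure string ops, runs on any host

IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SILENT_EXIT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit"
RUN_KEY_MARKERS = (r"\Microsoft\Windows\CurrentVersion\Run",
                   r"\Microsoft\Windows\CurrentVersion\RunOnce")
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
GEO_VALUE = r"HKCU\Control Panel\International\Geo\Nation"  # GEOID of the configured location
SYSTEM32 = r"C:\Windows\System32"


@dataclass(frozen=True)
class Event:
    kind: str        # "reg_read", "reg_write", "file_write" or "process_create"
    path: str        # registry value path, file path, or image path of the created process
    data: str = ""   # data written (registry) or command line (process)


def _split(path):
    """Return (parent key or directory, leaf name), both case-folded."""
    parent, _, leaf = normcase(path).rpartition("\\")
    return parent, leaf


def _under(parent, prefix):
    """True if `parent` is `prefix` itself or a subkey/subdirectory of it."""
    prefix = normcase(prefix)
    return parent == prefix or parent.startswith(prefix + "\\")


def analyze(events):
    """Return {signature name: [evidence]} for every report signature seen in the trace."""
    hits = {}
    dropped = set()  # files written during the run; launching one later is "Executes dropped EXE"

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        parent, leaf = _split(ev.path)
        if ev.kind == "reg_write":
            # Debugger/GlobalFlag under IFEO, or MonitorProcess under SilentProcessExit,
            # are the values that redirect execution when the named image starts or exits.
            ifeo_hijack = _under(parent, IFEO) and leaf in ("debugger", "globalflag")
            silent_exit = _under(parent, SILENT_EXIT) and leaf == "monitorprocess"
            if ifeo_hijack or silent_exit:
                hit("Event Triggered Execution: Image File Execution Options Injection",
                    f"{ev.path} = {ev.data}")
            # endswith() on the parent key keeps Explorer\RunMRU and similar keys out.
            if any(parent.endswith(normcase(m)) for m in RUN_KEY_MARKERS):
                hit("Adds Run key to start application", f"{ev.path} = {ev.data}")
        elif ev.kind == "reg_read":
            if normcase(ev.path) == normcase(UAC_VALUE):
                hit("Checks whether UAC is enabled", ev.path)
            elif normcase(ev.path) == normcase(GEO_VALUE):
                hit("Checks computer location settings", ev.path)
        elif ev.kind == "file_write":
            dropped.add(normcase(ev.path))
            if _under(parent, SYSTEM32):
                hit("Drops file in System32 directory", ev.path)
        elif ev.kind == "process_create":
            if normcase(ev.path) in dropped:
                hit("Executes dropped EXE", ev.data or ev.path)
    return hits


# Constructed trace (placeholder paths, not from the sample): one event per report
# signature plus two benign events that must not match.
SAMPLE_TRACE = [
    Event("reg_read", GEO_VALUE),
    Event("reg_read", UAC_VALUE),
    Event("file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    Event("file_write", r"C:\Users\Public\dropped.exe"),
    Event("reg_write", IFEO + r"\sethc.exe\Debugger", r"C:\Users\Public\dropped.exe"),
    Event("reg_write", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
          r"C:\Users\Public\dropped.exe"),
    Event("process_create", r"C:\Users\Public\dropped.exe",
          r'"C:\Users\Public\dropped.exe" --silent'),
    Event("reg_read", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),       # enumeration only
    Event("reg_write", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a", "cmd"),
]

if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The matching is deliberately keyed on the parent key rather than on substrings of the whole path: a read of the Run key, or a write under Explorer\RunMRU, is ordinary Windows activity and produces no hit, while a value written directly under Run, RunOnce or an IFEO image subkey does. "UAC bypass" and the Blackmoon/XMRig family matches in the report come from payload and behaviour heuristics that this trace-level mapping does not attempt to reproduce.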

MITRE ATT&CK Enterprise v15

Tasks