General

  • Target

    2024-12-24_60d12470541f91c468f0c74760267b1e_icedid_xmrig

  • Size

    3.3MB

  • Sample

    241224-a613waxkdk

  • MD5

    60d12470541f91c468f0c74760267b1e

  • SHA1

    e74956caba23f9e7d171a421cdc035da218618df

  • SHA256

    fd9bbab162ab8e16c4101ed24d2a53060aa44d71d02f97f0e7a40de6d78c79ae

  • SHA512

    cbb34d5804bff8102a7154058246d078d502b1d9ee48220865398d4ba31ff8d9303610df36b9b9e8ff20849b357104d68d63004037e5b340a9a43d9f0b37c43f

  • SSDEEP

    98304:dvfapmo1Y4+6Y7SOEfX/SbgRya1ZPYtVWClcIuj:da9+6Y7SOEibgR/auj

Malware Config

Targets

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks