General
Target: 2025-04-22_59ad55af9cb72054981b67056d191468_elex_icedid_rhadamanthys_xiaobaminer
Size: 538KB
Sample: 250422-ejwbbstsav
MD5: 59ad55af9cb72054981b67056d191468
SHA1: afed5feadec82088d3c23096f4f70212707217d0
SHA256: cc8eb79f7b6bb704c2ef7f2a06df967c7ec348f750c24828c887e55b62a2d2e4
SHA512: 2646cd256a1167cbaa6e1e1952c6763d98f1f0d53834044f651779ff3d63ed4f4e340559d034ce10eb564ac15062938a1a6d40feff3c738cfd497976cbc30797
SSDEEP: 6144:eb4S+1Mvyr3UGv9JYT1Z3jccvQVCrnOxfPSt2JKEg7X6WkTFK7:ebu+yrST1Z3jccvQVCr3t2JKECkpK7
Behavioral task: behavioral1
Sample: 2025-04-22_59ad55af9cb72054981b67056d191468_elex_icedid_rhadamanthys_xiaobaminer.exe
Resource: win10v2004-20250410-en

Behavioral task: behavioral2
Sample: 2025-04-22_59ad55af9cb72054981b67056d191468_elex_icedid_rhadamanthys_xiaobaminer.exe
Resource: win11-20250410-en
Malware Config
Targets
- Blackmoon family
- Detect Blackmoon payload
- UAC bypass
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  Registry Run Keys / Startup Folder (2)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
- Impair Defenses (1)
  Disable or Modify Tools (1)
- Modify Registry (4)