General

  • Target

    76b84c6bec4ba2a16d71509cfdae2da3_icedid_JC.exe

  • Size

    4.1MB

  • Sample

    230823-tg1wcsdg37

  • MD5

    76b84c6bec4ba2a16d71509cfdae2da3

  • SHA1

    427265444234f0c8e64a1d7ea100f926299fec98

  • SHA256

    3666f02f3a0b13496e4071ae74c5d23e08dc5e7f1fe4e68f72023a51af395c8a

  • SHA512

    2ade6487b1b823ff6d4ceb963c93074e1a7e5dc13ab34bce543bce51f761c0491dc09f7957760d5c4373f117af40331669e037aeb12e27b020d8b9a8be2ce623

  • SSDEEP

    98304:UZJt4HINy2LkZL0kY/ybbTIuCysWngBSu/H2S4:aiINy2LkKkEQTEy5

Malware Config

Targets

    • Target

      76b84c6bec4ba2a16d71509cfdae2da3_icedid_JC.exe

    • Size

      4.1MB

    • MD5

      76b84c6bec4ba2a16d71509cfdae2da3

    • SHA1

      427265444234f0c8e64a1d7ea100f926299fec98

    • SHA256

      3666f02f3a0b13496e4071ae74c5d23e08dc5e7f1fe4e68f72023a51af395c8a

    • SHA512

      2ade6487b1b823ff6d4ceb963c93074e1a7e5dc13ab34bce543bce51f761c0491dc09f7957760d5c4373f117af40331669e037aeb12e27b020d8b9a8be2ce623

    • SSDEEP

      98304:UZJt4HINy2LkZL0kY/ybbTIuCysWngBSu/H2S4:aiINy2LkKkEQTEy5

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks