General
Target: 2024-03-18_bc9a20cc18e9d5b7bd2c6fed5d34ce73_icedid
Size: 4.4MB
Sample: 240318-p25mtshb49
MD5: bc9a20cc18e9d5b7bd2c6fed5d34ce73
SHA1: 70d6f9123cdb1574d654a3b73e2bb911101d4ffd
SHA256: 8685dc2ef7efb3535ea4abec580db259604832bd56d60aea562610b511abc60a
SHA512: 8e35d9a8e1511adf8c88445c72a9f708f48d7e908abc5e5fcf679de2b7f2243824d6542d44b30cb6013bd410b52bbbfe50f94cdab1a929827aefc9ba387d437d
SSDEEP: 98304:Vws2ANnKXOaeOgmhg06FOznLo0+Dd6uxc30F:fKXbeO7i3F6n80W6uG3y
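Before pivoting on the digests above (VirusTotal lookups, blocklists, ssdeep clustering), it is worth checking that the hash block is internally consistent: each digest has the length its algorithm produces, and the ssdeep block size matches the reported file size, because ssdeep derives that block size from the input length. The Python below is an added example, not part of the report or of any sandbox's code. The REPORT dict copies the values from the General block; reading MB as 2**20 bytes and allowing a +-0.05 rounding tolerance on "4.4MB" are assumptions, and digests_of_bytes is only useful if you have the sample on hand.

```python
"""Consistency checks for the hash block of a sandbox report (added example)."""
import hashlib
import re

# Values copied from the report's General section.
REPORT = {
    "size": "4.4MB",
    "md5": "bc9a20cc18e9d5b7bd2c6fed5d34ce73",
    "sha1": "70d6f9123cdb1574d654a3b73e2bb911101d4ffd",
    "sha256": "8685dc2ef7efb3535ea4abec580db259604832bd56d60aea562610b511abc60a",
    "sha512": "8e35d9a8e1511adf8c88445c72a9f708f48d7e908abc5e5fcf679de2b7f2243824d6542d44b30cb6013bd410b52bbbfe50f94cdab1a929827aefc9ba387d437d",
    "ssdeep": "98304:Vws2ANnKXOaeOgmhg06FOznLo0+Dd6uxc30F:fKXbeO7i3F6n80W6uG3y",
}

# Hex digest length (characters) per algorithm.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# ssdeep (spamsum) constants: minimum block size and maximum hash length.
SSDEEP_MIN_BLOCKSIZE = 3
SPAMSUM_LENGTH = 64


def parse_size(text):
    """Turn '4.4MB' into a (low, high) byte range.

    Assumptions: MB means 2**20 bytes and the report rounds to one decimal,
    so the true size lies within +-0.05 units of the printed value.
    """
    m = re.fullmatch(r"\s*([0-9]+(?:\.[0-9]+)?)\s*([KMG]?B)\s*", text, re.I)
    if not m:
        raise ValueError("unparseable size: %r" % text)
    mult = {"B": 1, "KB": 2 ** 10, "MB": 2 ** 20, "GB": 2 ** 30}[m.group(2).upper()]
    value = float(m.group(1))
    return max(0, int((value - 0.05) * mult)), int((value + 0.05) * mult)


def check_digests(report):
    """Map each algorithm to True if its digest has the right length and alphabet."""
    result = {}
    for algo, want_len in DIGEST_HEX_LEN.items():
        value = report[algo].lower()
        result[algo] = len(value) == want_len and bool(HEX_RE.match(value))
    return result


def digests_of_bytes(data):
    """Recompute the four digests for a blob (use when the sample is on hand)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_HEX_LEN}


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' and validate field lengths."""
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have exactly three fields")
    bs = int(parts[0])
    if len(parts[1]) > SPAMSUM_LENGTH or len(parts[2]) > SPAMSUM_LENGTH // 2:
        raise ValueError("ssdeep hash fields are longer than the format allows")
    return bs, parts[1], parts[2]


def ssdeep_initial_blocksize(n_bytes):
    """Block size ssdeep starts with: smallest 3*2**k with bs*64 >= file length."""
    bs = SSDEEP_MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < n_bytes:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(sig, size_text):
    """True/False if the block size fits the reported size; None if inconclusive.

    ssdeep halves the block size when the first hash comes out shorter than
    SPAMSUM_LENGTH/2 characters; that case is reported as None rather than guessed.
    """
    bs, h1, _ = parse_ssdeep(sig)
    if len(h1) < SPAMSUM_LENGTH // 2:
        return None
    low, high = parse_size(size_text)
    return bs in {ssdeep_initial_blocksize(low), ssdeep_initial_blocksize(high)}


if __name__ == "__main__":
    print(check_digests(REPORT))
    print(ssdeep_consistent_with_size(REPORT["ssdeep"], REPORT["size"]))
```

For this report the first ssdeep chunk is 36 characters, so no block-size reduction took place, and a 4.4MB input lands in the range (3 145 728, 6 291 456] that maps to block size 98304; a block size of 24576 or 196608 beside "4.4MB" would indicate a copy-paste mix-up between two samples.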
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-18_bc9a20cc18e9d5b7bd2c6fed5d34ce73_icedid.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 2024-03-18_bc9a20cc18e9d5b7bd2c6fed5d34ce73_icedid
Size: 4.4MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General (same file).
Signatures
- Gh0st RAT payload
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Sets DLL path for service in the registry
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
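The signature names above describe the behaviour (a file dropped under System32 or System32\drivers, a service registered by writing its ImagePath or its Parameters\ServiceDll, and a read of the configured country code) without the concrete service names, paths or registry values, which this report does not expose. The Python below is an added example, not part of the report or of any sandbox's detection code, showing how those signatures translate into a log-side check that correlates file drops with service registrations. The event records it runs on are constructed to resemble Sysmon file-create and registry events and are not from this sample; the service names ExampleDrv and ExampleSvc, the file names and the sample path are placeholders, and the registry keys watched are the standard Windows locations for service binaries (ImagePath), svchost-hosted DLLs (Parameters\ServiceDll) and the location setting (Control Panel\International\Geo\Nation, Control\Nls).

```python
"""Correlate dropped files with service registrations in endpoint logs (added example)."""
import re

# Standard Windows registry locations the signature names refer to.
SERVICE_IMAGE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$", re.I)
SERVICE_DLL_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\Parameters\\ServiceDll$", re.I)
LOCATION_RE = re.compile(r"(\\Control Panel\\International\\Geo\\Nation$|\\Control\\Nls\\)", re.I)
# Files written directly into System32 or System32\drivers.
DROP_DIRS_RE = re.compile(r"^C:\\Windows\\System32\\(drivers\\)?[^\\]+$", re.I)

# CONSTRUCTED events in a simple key=value|key=value form (not from the sample):
# a driver and a DLL are dropped, both are registered as services, the
# location setting is read, and one benign service-key write is included as noise.
SAMPLE_EVENTS = [
    "event=FileCreate|image=C:\\Users\\user\\Desktop\\sample.exe|path=C:\\Windows\\System32\\drivers\\example.sys",
    "event=FileCreate|image=C:\\Users\\user\\Desktop\\sample.exe|path=C:\\Windows\\System32\\example.dll",
    "event=RegSetValue|image=C:\\Users\\user\\Desktop\\sample.exe|key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleDrv\\ImagePath|value=system32\\DRIVERS\\example.sys",
    "event=RegSetValue|image=C:\\Users\\user\\Desktop\\sample.exe|key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath|value=%SystemRoot%\\System32\\svchost.exe -k netsvcs",
    "event=RegSetValue|image=C:\\Users\\user\\Desktop\\sample.exe|key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\Parameters\\ServiceDll|value=%SystemRoot%\\System32\\example.dll",
    "event=RegQueryValue|image=C:\\Users\\user\\Desktop\\sample.exe|key=HKCU\\Control Panel\\International\\Geo\\Nation",
    "event=RegSetValue|image=C:\\Windows\\System32\\svchost.exe|key=HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start|value=3",
]


def parse_event(line):
    """Parse one 'key=value|key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def expand_image_path(value):
    """Normalise an ImagePath/ServiceDll value to an absolute path.

    Handles quoted paths, trailing arguments (e.g. '-k netsvcs'), the \\??\\
    prefix, %SystemRoot% / \\SystemRoot and the relative 'system32\\...' form
    used for drivers. Assumes the system root is C:\\Windows. Unquoted paths
    containing spaces are truncated at the first space (known limitation).
    """
    value = value.strip()
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]
    else:
        value = value.split(" ", 1)[0]
    value = re.sub(r"^\\\?\?\\", "", value)
    value = re.sub(r"^(%SystemRoot%|\\SystemRoot)", lambda m: "C:\\Windows", value, flags=re.I)
    if re.match(r"^system32\\", value, re.I):
        value = "C:\\Windows\\" + value
    return value


def analyse(lines):
    """Walk the events in order; return one finding dict per matched rule."""
    dropped = {}  # lower-cased path -> process that created it
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev["event"] == "FileCreate" and DROP_DIRS_RE.match(ev["path"]):
            dropped[ev["path"].lower()] = ev["image"]
            where = "drivers" if "\\drivers\\" in ev["path"].lower() else "system32"
            findings.append({"rule": "drop_in_" + where, "path": ev["path"], "image": ev["image"]})
        elif ev["event"] == "RegSetValue":
            for rule, rx in (("service_imagepath", SERVICE_IMAGE_RE), ("service_dll", SERVICE_DLL_RE)):
                m = rx.match(ev["key"])
                if m:
                    target = expand_image_path(ev["value"])
                    findings.append({
                        "rule": rule,
                        "service": m.group(1),
                        "target": target,
                        "image": ev["image"],
                        # Strongest signal: the registered binary was dropped earlier in this log.
                        "points_at_dropped_file": target.lower() in dropped,
                    })
        elif ev["event"] == "RegQueryValue" and LOCATION_RE.search(ev["key"]):
            findings.append({"rule": "location_lookup", "key": ev["key"], "image": ev["image"]})
    return findings


def suspicious_services(findings):
    """Services whose ImagePath/ServiceDll points at a file dropped in the same log."""
    return sorted({f["service"] for f in findings if f.get("points_at_dropped_file")})


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f)
    print(suspicious_services(SAMPLE_EVENTS and analyse(SAMPLE_EVENTS)))
```

The benign BITS\Start write produces no finding, and the svchost ImagePath on its own is not flagged as pointing at a dropped file; it is the ServiceDll write that ties ExampleSvc to the dropped DLL. On a real host the same correlation can be made from Sysmon Event ID 11 (FileCreate) and 13 (RegistryEvent SetValue), or after the fact by comparing each service's ImagePath and ServiceDll against file creation times under System32.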