General

  • Target

    2024-03-22_2cd8d7d957cf3e7e5aed6869107cdffa_icedid

  • Size

    4.0MB

  • Sample

    240322-rvl81scf47

  • MD5

    2cd8d7d957cf3e7e5aed6869107cdffa

  • SHA1

    2444b822008b71b4856877f808863bc2b3b0d007

  • SHA256

    912570025c750b760e0260407406df9bd3803f1e1caa8ffda843ab25babeff6d

  • SHA512

    060df6538a6545118b21e018f44434238fad28862e088fde2692a32dc191f657818f682d35935c57798c4fcc0db3cc49a10b104cc55f4221e91648a2f622ee1f

  • SSDEEP

    49152:jsy+7QNG6E3IWHPkVOBTKTo+tPZz4TTDWGCXQUi82RzdIM0:vmQNG6E3IzO0To+tPZz4THWG6/h24M0

Malware Config

Targets

    • Target

      2024-03-22_2cd8d7d957cf3e7e5aed6869107cdffa_icedid

    • Detect PurpleFox Rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Detects executables calling ClearMyTracksByProcess

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
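
    The behavioural signatures above (driver and System32 drops, a service ImagePath
    write, execution of a dropped EXE, loading of a dropped DLL) are what a sandbox
    observes; the same behaviours can be matched on a host from Sysmon telemetry.
    The following is an added example, not part of the sandbox report and not code
    from the sandbox vendor: it runs the equivalent checks over a constructed set of
    Sysmon-style events (IDs 1 ProcessCreate, 7 ImageLoad, 11 FileCreate,
    13 RegistryEvent SetValue). The file names, paths and service name in the sample
    events are invented for the example and are not indicators from this sample. It
    goes slightly beyond the listed signatures by also checking whether the written
    ImagePath resolves to a file the sample itself dropped.

```python
"""Match sandbox-style behaviour signatures against Sysmon-style events (added example)."""
from collections import defaultdict
from typing import Dict, Iterable, List

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"

# Constructed telemetry, in host order. Paths, names and the "QAssist" service are
# invented for this example; they are not indicators taken from the analysed sample.
SAMPLE_EVENTS: List[Dict] = [
    # Sysmon 11 (FileCreate): the sample writes a driver, a DLL and a second EXE.
    {"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
     "TargetFilename": "C:\\Windows\\System32\\drivers\\QAssist.sys"},
    {"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
     "TargetFilename": "C:\\Windows\\System32\\svchost_helper.dll"},
    {"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
     "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"},
    # Sysmon 13 (RegistryEvent SetValue): a service ImagePath pointing at the driver.
    {"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\QAssist\\ImagePath",
     "Details": "\\SystemRoot\\System32\\drivers\\QAssist.sys"},
    # Sysmon 1 (ProcessCreate): the dropped EXE runs; notepad.exe is benign noise.
    {"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
     "ParentImage": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    # Sysmon 7 (ImageLoad): the dropped DLL is loaded; kernel32.dll was not dropped.
    {"EventID": 7, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
     "ImageLoaded": "C:\\Windows\\System32\\svchost_helper.dll"},
    {"EventID": 7, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},
]


def _norm(path: str) -> str:
    """Case-fold and unify separators so prefix and set lookups are reliable."""
    return path.replace("/", "\\").lower()


def _resolve_nt(path: str) -> str:
    """Map the NT-style forms seen in ImagePath values onto a Win32 path.

    Only the two common prefixes are handled; the Windows root is assumed to be
    C:\\Windows (an assumption of this example, not something read from the host).
    """
    p = _norm(path)
    if p.startswith("\\systemroot\\"):
        return "c:\\windows\\" + p[len("\\systemroot\\"):]
    if p.startswith("\\??\\"):
        return p[len("\\??\\"):]
    return p


def detect(events: Iterable[Dict]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for behaviours found in the trace.

    Files are tracked as "dropped" when a FileCreate for them is seen, so that
    later ProcessCreate / ImageLoad events can be tied back to the sample's writes.
    """
    hits: Dict[str, List[str]] = defaultdict(list)
    dropped = set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = _norm(ev["TargetFilename"])
            dropped.add(target)
            # A drop under drivers\ is also a drop under System32; both fire, as in
            # the sandbox report above.
            if target.startswith(DRIVERS_DIR):
                hits["Drops file in Drivers directory"].append(ev["TargetFilename"])
            if target.startswith(SYSTEM32_DIR):
                hits["Drops file in System32 directory"].append(ev["TargetFilename"])
        elif eid == 13:
            key = _norm(ev["TargetObject"])
            if key.startswith(SERVICES_KEY) and key.endswith("\\imagepath"):
                value = ev.get("Details", "")
                hits["Sets service image path in registry"].append(
                    f"{ev['TargetObject']} = {value}")
                if _resolve_nt(value) in dropped:
                    hits["Service ImagePath points at dropped file"].append(value)
        elif eid == 1 and _norm(ev["Image"]) in dropped:
            hits["Executes dropped EXE"].append(ev["Image"])
        elif eid == 7 and _norm(ev["ImageLoaded"]) in dropped:
            hits["Loads dropped DLL"].append(ev["ImageLoaded"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

    The "dropped" set is what turns two noisy per-event checks (any process start,
    any DLL load) into the sandbox's stronger "executes/loads a dropped file"
    signatures; on a real host you would key it by the writing process or session
    rather than globally, and feed it from an EVTX export or a SIEM query rather
    than an inline list.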

MITRE ATT&CK Enterprise v15

Tasks