General
-
Target
202405241bc3a87cdb7b043d151ca9e60b691060icedid
-
Size
11.6MB
-
Sample
240525-zymb7aah93
-
MD5
1bc3a87cdb7b043d151ca9e60b691060
-
SHA1
1ef2098c62c4c6e904d97c7978071cf36c4c9bc8
-
SHA256
e07286d144456f878ac1501bcb1628eb87b7a8460fcf99d3625e843a99cacc67
-
SHA512
cf580653719db655543817a34a0e1e8b6d839123a8aa7ab8f3d89565cb1a1b5a5f1a4d890f884917de0ba704f1c02a77701ef66c9a8e1f979ee4cf73286c5199
-
SSDEEP
98304:Xws2ANnKXOaeOgmhcrJ5PDJ4KFvOCtiudmsV5BuOCj1DTUaERonwPnAxYTUnEsy5:hKXbeO7KJpBFvOfBoPnAx2D
Malware Config
Targets
-
-
Target
202405241bc3a87cdb7b043d151ca9e60b691060icedid
-
Size
11.6MB
-
MD5
1bc3a87cdb7b043d151ca9e60b691060
-
SHA1
1ef2098c62c4c6e904d97c7978071cf36c4c9bc8
-
SHA256
e07286d144456f878ac1501bcb1628eb87b7a8460fcf99d3625e843a99cacc67
-
SHA512
cf580653719db655543817a34a0e1e8b6d839123a8aa7ab8f3d89565cb1a1b5a5f1a4d890f884917de0ba704f1c02a77701ef66c9a8e1f979ee4cf73286c5199
-
SSDEEP
98304:Xws2ANnKXOaeOgmhcrJ5PDJ4KFvOCtiudmsV5BuOCj1DTUaERonwPnAxYTUnEsy5:hKXbeO7KJpBFvOfBoPnAx2D
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-