General

  • Target

    2024-06-19_4a002ada64250727a100c516fe68f4e6_icedid

  • Size

    3.8MB

  • Sample

    240619-1ljk7sxejn

  • MD5

    4a002ada64250727a100c516fe68f4e6

  • SHA1

    32fa1d10024d055b7b810f2900ea14c64f699157

  • SHA256

    fda4608793f197052d6d356b1522590357f4a42699820f7170b09ae6622d93f7

  • SHA512

    28a49a170337b9508431e260298fa3c0c2ad6ffc21a78c1a651960651164d5b81e54ca323844bee468c1069bd5ecc5e4fecacd1eabbbab103b1f0fb3f60bb3d0

  • SSDEEP

    49152:PYREXSVMDi3A8oIK+izmHMTX+XGwv2tP1zTPADnWPMklKu8bi4O8b8ITDnl13S:Q2SVMD84Ito+Wwv2tP1PPknK

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Server Software Component: Terminal Services DLL

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15