General

  • Target

    2024-08-19_075f4748edd73ada5afff9156ed9fa8f_icedid

  • Size

    1.3MB

  • Sample

    240819-bfcs2avgqc

  • MD5

    075f4748edd73ada5afff9156ed9fa8f

  • SHA1

    8b95980a8c361fbcd450f4405941cc1883bb4b39

  • SHA256

    7118ef4622edb0c221259e2cda6898b067dcbf0379aaf6659435c7af88d4cbd1

  • SHA512

    587448a98103b72698d6dec6bd86c87367c9e888eb9cee70fb7a8210c5aa122d550aaafa384f5c12825663c8081a383388dd704693ce3450e29718c5ebd42d22

  • SSDEEP

    12288:GHcbEP++XNzDUMN4i7/cQRfovvZDeknVMJzcnAM/1wj+emt7hV7FcjsRl74rr82+:G84NPDbcmEhVMZMqMtVxFy/6J9DxpI4

Malware Config

Targets

    • Detect PurpleFox Rootkit

      The sample matched a detection rule for the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
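
The four behavioural signatures above (self-deletion, executing and loading dropped files, writing into System32) are the kind a sandbox derives by correlating process, file and image-load events. The script below is an added example, not part of this report or of the sandbox's own rule set: it replays those four signatures over a constructed, Sysmon-style event stream. The event ids (1 process create, 7 image load, 11 file create, 23 file delete), field names, pids and paths are all assumptions made for illustration and are not taken from the report.

```python
"""Added example (not from the sandbox report): replay of the four
behavioural signatures over constructed, Sysmon-style events.
Event ids follow Sysmon loosely: 1 = process create, 7 = image load,
11 = file create, 23 = file delete. Field names, pids and paths are invented."""

DROPS_SYSTEM32 = "Drops file in System32 directory"
EXECUTES_DROPPED_EXE = "Executes dropped EXE"
LOADS_DROPPED_DLL = "Loads dropped DLL"
DELETES_ITSELF = "Deletes itself"

SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed event stream: the sample (pid 100) writes a driver into System32,
# drops an EXE and a DLL into %TEMP%, runs the EXE (pid 200) which loads the DLL,
# then spawns cmd.exe (pid 300) to delete the sample's own image from disk.
SAMPLE_EVENTS = [
    {"id": 1,  "pid": 100, "parent": 1,   "image": r"C:\Users\victim\Downloads\sample.exe"},
    {"id": 11, "pid": 100, "target": r"C:\Windows\System32\drivers\helper.sys"},
    {"id": 11, "pid": 100, "target": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"id": 11, "pid": 100, "target": r"C:\Users\victim\AppData\Local\Temp\loader.dll"},
    {"id": 1,  "pid": 200, "parent": 100, "image": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"id": 7,  "pid": 200, "loaded": r"C:\Users\victim\AppData\Local\Temp\loader.dll"},
    {"id": 1,  "pid": 300, "parent": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 23, "pid": 300, "target": r"C:\Users\victim\Downloads\sample.exe"},
]

# Constructed benign stream for comparison: an installer writes only into its
# own program folder and loads a system DLL it did not drop.
BENIGN_EVENTS = [
    {"id": 1,  "pid": 400, "parent": 1, "image": r"C:\Users\victim\Downloads\setup.exe"},
    {"id": 11, "pid": 400, "target": r"C:\Program Files\Tool\tool.exe"},
    {"id": 7,  "pid": 400, "loaded": r"C:\Windows\System32\kernel32.dll"},
]


def norm(path):
    """Windows paths are case-insensitive; compare everything in one case."""
    return path.lower()


def evaluate(events, root_pid):
    """Return the set of signature names triggered by `events`.

    Only processes in the tree rooted at `root_pid` (plus any process whose
    image is a file that tree dropped) are attributed to the sample, so file
    writes and loads by unrelated processes never count."""
    tracked = {root_pid}   # pids belonging to the sample's process tree
    image_of = {}          # pid -> normalised image path of that process
    dropped = set()        # normalised paths written by a tracked process
    hits = set()
    for ev in events:
        pid = ev["pid"]
        if ev["id"] == 1:  # process create
            image = norm(ev["image"])
            image_of[pid] = image
            if ev["parent"] in tracked:
                tracked.add(pid)
            if image in dropped:
                hits.add(EXECUTES_DROPPED_EXE)
                tracked.add(pid)  # a launched payload is part of the sample's activity
        elif pid not in tracked:
            continue  # ignore file and load activity of unrelated processes
        elif ev["id"] == 11:  # file create
            target = norm(ev["target"])
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                hits.add(DROPS_SYSTEM32)
        elif ev["id"] == 7:  # image load
            if norm(ev["loaded"]) in dropped:
                hits.add(LOADS_DROPPED_DLL)
        elif ev["id"] == 23:  # file delete
            # Self-deletion is usually delegated to a child (cmd.exe /c del ...),
            # so match the deleted path against the image of any tracked process.
            tracked_images = {image_of[p] for p in tracked if p in image_of}
            if norm(ev["target"]) in tracked_images:
                hits.add(DELETES_ITSELF)
    return hits


if __name__ == "__main__":
    print("sample :", sorted(evaluate(SAMPLE_EVENTS, root_pid=100)))
    print("benign :", sorted(evaluate(BENIGN_EVENTS, root_pid=400)))
```

The process-tree scoping is the part worth copying: without it, a background updater writing into System32 during the analysis window would trigger the same signature, and a dropped-file check that ignores case would miss `%TEMP%\PAYLOAD.EXE`. The prefix match on `C:\Windows\System32\` is deliberately simple; a production rule would also resolve the `SysNative`/`SysWOW64` redirections and 8.3 short names before comparing.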

MITRE ATT&CK Enterprise v15

Tasks