General
-
Target
2024-08-27_3d0e0e2c5b78601584a3dbeb559abbb1_hijackloader_icedid
-
Size
4.6MB
-
Sample
240827-gstvzawdmh
-
MD5
3d0e0e2c5b78601584a3dbeb559abbb1
-
SHA1
7323909b4e014ed1eb04117f0cb1ab12127f6a02
-
SHA256
32dc8eaaefb851c761663e6cc136ffac9afe1c39f3b11fd0e4e63cdf2b6dd3da
-
SHA512
d2eff1b44868e01fb5adb160c6ee9436f1e013047fa45e1bdfd0c6b3f43690e976ca2c701b05f4add5b7631e25ba1c8542ae4c0beaf55b46a1d855e9ecbb3a40
-
SSDEEP
49152:R09XJt4HIN2H2tFvduyS21bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8bU:yZJt4HINy2Lk21bXsPN5kiQaZ56
Malware Config
Targets
-
-
Target
2024-08-27_3d0e0e2c5b78601584a3dbeb559abbb1_hijackloader_icedid
-
Size
4.6MB
-
MD5
3d0e0e2c5b78601584a3dbeb559abbb1
-
SHA1
7323909b4e014ed1eb04117f0cb1ab12127f6a02
-
SHA256
32dc8eaaefb851c761663e6cc136ffac9afe1c39f3b11fd0e4e63cdf2b6dd3da
-
SHA512
d2eff1b44868e01fb5adb160c6ee9436f1e013047fa45e1bdfd0c6b3f43690e976ca2c701b05f4add5b7631e25ba1c8542ae4c0beaf55b46a1d855e9ecbb3a40
-
SSDEEP
49152:R09XJt4HIN2H2tFvduyS21bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8bU:yZJt4HINy2Lk21bXsPN5kiQaZ56
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1