General
-
Target
2024-10-11_cda135f1512e01e2a92a5691f952c5bb_hijackloader_icedid
-
Size
4.3MB
-
Sample
241011-pqra3ascrh
-
MD5
cda135f1512e01e2a92a5691f952c5bb
-
SHA1
89f31846a0614c57732c61619e2e10e57ffd2534
-
SHA256
144d23c7ff003cb38e44dd814105e7a02306c7d7afeaa5a0836834f7769b5561
-
SHA512
1e6158f1eafc88b532589b0d7015267454973db8bdfae8d3d2b797d4509782315f61aecce4b187322c6fe34456c437cdc137e8dddea740f2a35ab7df3c32a754
-
SSDEEP
49152:LCwsbCANnKXferL7Vwe/Gg0P+WhB+LnRuQ5fnDtTOgnmuKcwGFqV+DO+2a38VhQa:Ows2ANnKXOaeOgmhcYQ/KgnocFPO+S
Malware Config
Targets
-
-
Target
2024-10-11_cda135f1512e01e2a92a5691f952c5bb_hijackloader_icedid
-
Size
4.3MB
-
MD5
cda135f1512e01e2a92a5691f952c5bb
-
SHA1
89f31846a0614c57732c61619e2e10e57ffd2534
-
SHA256
144d23c7ff003cb38e44dd814105e7a02306c7d7afeaa5a0836834f7769b5561
-
SHA512
1e6158f1eafc88b532589b0d7015267454973db8bdfae8d3d2b797d4509782315f61aecce4b187322c6fe34456c437cdc137e8dddea740f2a35ab7df3c32a754
-
SSDEEP
49152:LCwsbCANnKXferL7Vwe/Gg0P+WhB+LnRuQ5fnDtTOgnmuKcwGFqV+DO+2a38VhQa:Ows2ANnKXOaeOgmhcYQ/KgnocFPO+S
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1