General

  • Target

    2024-11-05_719c52fb09f27c9148609a0b84a7e136_hijackloader_icedid

  • Size

    4.1MB

  • Sample

    241105-lem8gs1mdp

  • MD5

    719c52fb09f27c9148609a0b84a7e136

  • SHA1

    34ac31f324a3475af713ba44c2655c0a15314bcd

  • SHA256

    d4f6714257d8143f522f5608b6f5b52f89de19c0abf28dc275fcfee3d4e1aee9

  • SHA512

    a78b62744f6f2cc8c710472f56a4867bd503cf2f80e7e349dc90c077f76292e4a6e14b250f09a6b01a98af1d45fc8a0f2e62558482430f08ad6d8f66f1548e18

  • SSDEEP

    49152:MQZAdVyVT9n/Gg0P+WhoJ4BYEGPAnO2nABGt4IdjWx8Uh3ToaG4VbUVfQ25iBxpc:tGdVyVT9nOgmhxObmnCqt6oabOV

Malware Config

Targets

    • Target

      2024-11-05_719c52fb09f27c9148609a0b84a7e136_hijackloader_icedid

    • Size

      4.1MB

    • MD5

      719c52fb09f27c9148609a0b84a7e136

    • SHA1

      34ac31f324a3475af713ba44c2655c0a15314bcd

    • SHA256

      d4f6714257d8143f522f5608b6f5b52f89de19c0abf28dc275fcfee3d4e1aee9

    • SHA512

      a78b62744f6f2cc8c710472f56a4867bd503cf2f80e7e349dc90c077f76292e4a6e14b250f09a6b01a98af1d45fc8a0f2e62558482430f08ad6d8f66f1548e18

    • SSDEEP

      49152:MQZAdVyVT9n/Gg0P+WhoJ4BYEGPAnO2nABGt4IdjWx8Uh3ToaG4VbUVfQ25iBxpc:tGdVyVT9nOgmhxObmnCqt6oabOV

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks