General

  • Target

    2024-11-15_3d10a91080416972dc3ec7827fbd4d2b_icedid_luca-stealer

  • Size

    1.8MB

  • Sample

    241115-nkp1datcpj

  • MD5

    3d10a91080416972dc3ec7827fbd4d2b

  • SHA1

    e469a2bb89fbb57876d81c763e192cb0b04ecbfe

  • SHA256

    78c241d74aaceae2bce71fec57bd7ee8cbe9a75dd39d6149f79e3e45406c9b1c

  • SHA512

    ce1b9329a980ac0265b24badf954f8761d43ceaa40c50bdeb2e53d438ac1772fcea5fae77a2aedccbe94c28a0842f20690625ed71e642d93271e103cc49f9fd3

  • SSDEEP

    24576:+QZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVYIFbBmtIF6yRF17M:+QZAdVyVT9n/Gg0P+WhoMbh6v

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of UPX.

MITRE ATT&CK Enterprise v15

Tasks