General
-
Target
2024-12-04_d13dd22ac27c6b08ed370efe5c149ad9_icedid
-
Size
2.6MB
-
Sample
241204-kvsbpszqhz
-
MD5
d13dd22ac27c6b08ed370efe5c149ad9
-
SHA1
c8ddbb241857d4f2a935f42bc5d3df7b8ac0472c
-
SHA256
758240f889ff551b9cafaabf8e31e8c54b8133f038340a1c80784a6f0dc4c737
-
SHA512
e8ecc392fa78fb07b10d2b3ed3d55f2919d28fa865b3eb3b19a347abdb63e7c1c4779a7df65f4377eb65775cad95e6a9a6e6597429b88a8a9d3b5bd76367203a
-
SSDEEP
24576:UCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHN:UCwsbCANnKXferL7Vwe/Gg0P+WhlWhN
Malware Config
Targets
-
-
Target
2024-12-04_d13dd22ac27c6b08ed370efe5c149ad9_icedid
-
Size
2.6MB
-
MD5
d13dd22ac27c6b08ed370efe5c149ad9
-
SHA1
c8ddbb241857d4f2a935f42bc5d3df7b8ac0472c
-
SHA256
758240f889ff551b9cafaabf8e31e8c54b8133f038340a1c80784a6f0dc4c737
-
SHA512
e8ecc392fa78fb07b10d2b3ed3d55f2919d28fa865b3eb3b19a347abdb63e7c1c4779a7df65f4377eb65775cad95e6a9a6e6597429b88a8a9d3b5bd76367203a
-
SSDEEP
24576:UCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHN:UCwsbCANnKXferL7Vwe/Gg0P+WhlWhN
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Gh0strat family
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1