General
-
Target
2024-12-05_7e6bbbe6f0d2afbcdab740efe8b1db6f_hijackloader_icedid
-
Size
3.0MB
-
Sample
241205-r7mejsyqbw
-
MD5
7e6bbbe6f0d2afbcdab740efe8b1db6f
-
SHA1
c3b6d18fe165dabf9b63ea394fcfe2c4cdaa8e7c
-
SHA256
a44848c7375696bfbeedcc854d522757b99432d73d3e5d17d4e3a4c7525a89d2
-
SHA512
78f5a011d40aed230af7d38979ddf9184bcb2d81e9da99a21e16b8b923e5405fcfcf7b90be442f72a90d083a555972db1bf3fafc1fda13af20159b953cc55010
-
SSDEEP
98304:BGdVyVT9nOgmhvnG/wNbTC+vipJ2bsQ+VnG/ws:+WT9nO71+wF/ilQ+V+ws
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-05_7e6bbbe6f0d2afbcdab740efe8b1db6f_hijackloader_icedid.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
2024-12-05_7e6bbbe6f0d2afbcdab740efe8b1db6f_hijackloader_icedid
-
Size
3.0MB
-
MD5
7e6bbbe6f0d2afbcdab740efe8b1db6f
-
SHA1
c3b6d18fe165dabf9b63ea394fcfe2c4cdaa8e7c
-
SHA256
a44848c7375696bfbeedcc854d522757b99432d73d3e5d17d4e3a4c7525a89d2
-
SHA512
78f5a011d40aed230af7d38979ddf9184bcb2d81e9da99a21e16b8b923e5405fcfcf7b90be442f72a90d083a555972db1bf3fafc1fda13af20159b953cc55010
-
SSDEEP
98304:BGdVyVT9nOgmhvnG/wNbTC+vipJ2bsQ+VnG/ws:+WT9nO71+wF/ilQ+V+ws
-
Gh0st RAT payload
-
Gh0strat family
-
Purplefox family
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
A potential corporate email address has been identified in the URL: icon-macOS@2x_ebb427cc.png
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1