General
- Target: 2024-12-10_709741d6761d9a1f9886d2a4443745a4_icedid
- Size: 21.4MB
- Sample: 241210-b1xnyatpak
- MD5: 709741d6761d9a1f9886d2a4443745a4
- SHA1: b35640ed4d7d20b2495fefcd874aed2f4df22d7d
- SHA256: 213ad0f5dda1bc19aca8361a0eac5417505ce709c84080a09203b878c78492ec
- SHA512: c58124dfd1a530af215adbd5ecd0dd707d6b837a7edec19734a74271a50442e09bdc8753285b75ceb2bb3e6130e3d5b5dd40a19e1166cbebbdf8af20ce862ae6
- SSDEEP: 196608:sKXbeO71uYMxMAu9g2TLElW9hg6Bawo53f6m6wJvQVEhiUafRvQOBMMJHaZ2:N71ud+Aa/aD5PJ6XEh0xBpV
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-12-10_709741d6761d9a1f9886d2a4443745a4_icedid.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: 2024-12-10_709741d6761d9a1f9886d2a4443745a4_icedid
- Gh0st RAT payload
- Gh0strat family
- Purplefox family
- Drops file in Drivers directory
- Server Software Component: Terminal Services DLL
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Server Software Component (1)
- Terminal Services DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)