General

  • Target

    2024-12-30_c53881404b1477f2e8cf448474a9efd7_icedid

  • Size

    482KB

  • Sample

    241230-bs1qmatken

  • MD5

    c53881404b1477f2e8cf448474a9efd7

  • SHA1

    18ac57f3054d7444276fed46e1b9188a8dfbde75

  • SHA256

    2738ed1bcaa0bf89b44cc8dabb9f9464c76be0a1971196f42f097654370a29b5

  • SHA512

    d40d3180bcc9a73be0eb319610f867bfec8788a3058c491ea0cee801cab4513524b6898037789363886774619d31a88b2133964532cfdf068b9866dd1bff4375

  • SSDEEP

    12288:zVXt7NBVMBwfFTRmKzUuk5jYwwA/KDxHogFI:j3K4R8fuk5kwwA/KVHY

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

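Note that the target filename carries an `_icedid` tag while the signatures that fired above are Gh0st RAT ones; when pivoting on this sample, match on the hashes rather than the filename. The script below is an added example (not code from the sandbox or the report) that does the two static checks a practitioner would run first on a file like this: compare its digests to the indicators listed above, and apply the same heuristic the "UPX packed file" signature relies on (UPX0/UPX1 section names, the `UPX!` marker, or a first section with zero raw size as used by renamed/modified UPX builds). The `build_fake_pe` helper constructs minimal test images; the sample PE layouts it produces are assumptions for testing, not the real binary.

```python
import hashlib
import struct
import sys

# Indicators copied from the report above (SHA-512 left out here only for brevity).
IOC_HASHES = {
    "md5": "c53881404b1477f2e8cf448474a9efd7",
    "sha1": "18ac57f3054d7444276fed46e1b9188a8dfbde75",
    "sha256": "2738ed1bcaa0bf89b44cc8dabb9f9464c76be0a1971196f42f097654370a29b5",
}

SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists so a file on disk can be compared to it."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_iocs(data: bytes) -> list:
    """Return the hash algorithms whose digest equals the report's indicator."""
    digests = hash_bytes(data)
    return [alg for alg, value in IOC_HASHES.items() if digests[alg] == value]


def pe_sections(data: bytes) -> list:
    """Parse the DOS and COFF headers far enough to read the section table.
    Returns [(name, virtual_size, raw_size), ...], or [] if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_header_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_header_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_SIZE
        if off + SECTION_SIZE > len(data):
            break                      # truncated table: stop rather than read garbage
        name, vsize, _va, rsize, *_ = struct.unpack_from(SECTION_FMT, data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the 'UPX packed file' signature.
    Stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' marker; modified
    builds usually rename both, but the first section still has SizeOfRawData == 0
    and a non-zero VirtualSize (it is the in-memory unpack destination)."""
    sections = pe_sections(data)
    if not sections:
        return False
    if any(name.startswith("UPX") for name, _, _ in sections) or b"UPX!" in data:
        return True
    _name, first_vsize, first_rsize = sections[0]
    return len(sections) >= 2 and first_rsize == 0 and first_vsize > 0


def build_fake_pe(sections, marker: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE image as test input (assumed layout, not
    a real sample). `sections` is a list of (name, virtual_size, raw_size)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: COFF header right after the stub
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack(SECTION_FMT, name.encode("ascii").ljust(8, b"\0"), vsize,
                    0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections)
    )
    return bytes(dos) + coff + table + marker


if __name__ == "__main__":
    # Usage: python triage.py <file>  (prints IOC matches and the UPX verdict)
    blob = open(sys.argv[1], "rb").read()
    print("IOC matches:", matching_iocs(blob) or "none")
    print("sections:", [s[0] for s in pe_sections(blob)])
    print("UPX packed:", looks_upx_packed(blob))
```

The zero-raw-size check is what keeps the heuristic useful against the "modified UPX" case the signature mentions: renaming `UPX0`/`UPX1` and stripping the `UPX!` string is cheap, but the packer still needs an empty first section to unpack into, so that layout survives most trivial modifications. Treat a positive as a reason to unpack and re-hash, not as a family verdict on its own.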