General
-
Target
2024-07-01_6208380af28d0858dd021919e9f4022a_icedid
-
Size
4.0MB
-
Sample
240701-ctjzyawgqj
-
MD5
6208380af28d0858dd021919e9f4022a
-
SHA1
087d4e1f249fe7ea37ef7c4c451af1412f7b9c4b
-
SHA256
c0d6aa5d2f29d6a2cdcbc15fe0c14f102c456625f4e142a573fc043c347b94c5
-
SHA512
2d7d17ffff2ca5dd2293e06650b69e3615d62a7dbd8146361728f4a4cce51a52a13643b0de0072888d7ec32e5b2f12254d35355d8106a324aea9d714e58e5eda
-
SSDEEP
49152:aCwsbCANnKXferL7Vwe/Gg0P+Wh8hVxYDvr1hONSZjHZWUr422rIQY:Nws2ANnKXOaeOgmhQqD1R22D
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-01_6208380af28d0858dd021919e9f4022a_icedid.exe
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
2024-07-01_6208380af28d0858dd021919e9f4022a_icedid
-
Size
4.0MB
-
MD5
6208380af28d0858dd021919e9f4022a
-
SHA1
087d4e1f249fe7ea37ef7c4c451af1412f7b9c4b
-
SHA256
c0d6aa5d2f29d6a2cdcbc15fe0c14f102c456625f4e142a573fc043c347b94c5
-
SHA512
2d7d17ffff2ca5dd2293e06650b69e3615d62a7dbd8146361728f4a4cce51a52a13643b0de0072888d7ec32e5b2f12254d35355d8106a324aea9d714e58e5eda
-
SSDEEP
49152:aCwsbCANnKXferL7Vwe/Gg0P+Wh8hVxYDvr1hONSZjHZWUr422rIQY:Nws2ANnKXOaeOgmhQqD1R22D
-
Gh0st RAT payload
-
UPX dump on OEP (original entry point)
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-