General

  • Target

    tmp

  • Size

    2.1MB

  • Sample

    221013-vrvyjaefb7

  • MD5

    b54e711a5aaf30f7fcc9c3b7b6442126

  • SHA1

    eca5ed7ac8206338b5c0e218ff7b8784e1c02df5

  • SHA256

    607a6b1f37b82df1c683556c1a0241257c6e92314e79a50c2faa26cc16b70417

  • SHA512

    c67e687f0edb0c46ff4287adc8b8cc3273e4dbeb226baef854e0f9ce6a2262f5bb517fd218c6ac7f669b30fcd9034d5aeb8e4c0e3c7d9fdceb947dd9ecacc95f

  • SSDEEP

    24576:H5IM3d4I30X7wjtyRtWgHN8kSszVSlMHcTDBMGr9chBMkQI4DVJ:HvXtyRtWgGkSMbHcTDhoQ7

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 2

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 2

Tasks