General

  • Target

    60f5f9100f9c5793cba2c7bbd85e6ea7703dff4bb12d8f5d44620050642f47e2

  • Size

    919KB

  • Sample

    221020-rlykpahcc3

  • MD5

    5a73f5e451b5c009494c49fd484e58af

  • SHA1

    532b2702b09a1831cce9490de7b506510365c8bf

  • SHA256

    60f5f9100f9c5793cba2c7bbd85e6ea7703dff4bb12d8f5d44620050642f47e2

  • SHA512

    bd5acbdcf3ca500ca9da2a9a9e7ce24777ca163bf4099303bfa001566aae40de0a3337a03deff08c765bad686a57ae544b8590956ba541a44d61f8704d8abe9f

  • SSDEEP

    24576:6Jc26tUVSEg0BpT5kBYandPYi95LXNxVKhIN8+e+dLeT9pDT:6O26I8u+2andPYCNVQIiz+d

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Deletes itself

    • Drops file in System32 directory
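The following is an added example, not part of the sandbox report or its signature engine. It re-derives the four digests listed in the General section from a local copy of the sample, reports which of them match the report's values, and applies the section-name heuristic that stock UPX leaves behind (sections named UPX0/UPX1), which is the observable the "UPX packed file" signature relies on. The file path argument and the build_fake_pe helper are assumptions: the helper constructs a non-executable fake PE header for demonstration only, and the sample itself is not included.

```python
import hashlib
import json
import struct
import sys

# Digests listed on the report page for this sample (the page's own values).
REPORT_IOCS = {
    "md5": "5a73f5e451b5c009494c49fd484e58af",
    "sha1": "532b2702b09a1831cce9490de7b506510365c8bf",
    "sha256": "60f5f9100f9c5793cba2c7bbd85e6ea7703dff4bb12d8f5d44620050642f47e2",
    "sha512": "bd5acbdcf3ca500ca9da2a9a9e7ce24777ca163bf4099303bfa001566aae40de"
              "0a3337a03deff08c765bad686a57ae544b8590956ba541a44d61f8704d8abe9f",
}


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def ioc_hits(found: dict, iocs: dict = REPORT_IOCS) -> set:
    """Return the digest names whose values match the report's IOCs."""
    return {k for k, v in found.items() if iocs.get(k) == v.lower()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names.
    Returns [] for anything that is not a parseable PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX names its sections UPX0/UPX1 (and sometimes UPX2).
    Modified UPX builds frequently rename them, so False does not rule UPX out."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed test data (assumption, not a real sample): a minimal PE32 header
    with the given section names and no code, so the parser can be exercised offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + file_hdr + opt_hdr + sections


def triage_bytes(data: bytes) -> dict:
    """Summarise one file: digests, which report IOCs they hit, and the UPX heuristic."""
    d = digests(data)
    return {
        "digests": d,
        "ioc_hits": sorted(ioc_hits(d)),
        "sections": pe_section_names(data),
        "upx_section_names": looks_upx_packed(data),
    }


def triage_file(path: str) -> dict:
    with open(path, "rb") as f:
        return triage_bytes(f.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(triage_file(sys.argv[1]), indent=2))
    else:
        # No sample on disk: demonstrate on the constructed fake header instead.
        print(json.dumps(triage_bytes(build_fake_pe(["UPX0", "UPX1", ".rsrc"])), indent=2))
```

Run it as `python triage.py /path/to/sample.bin`; a match on any of the four digests confirms the local copy is the file this report describes, while a section list of UPX0/UPX1 only corroborates the packer signature and says nothing about the payload until the file is unpacked. SSDEEP is deliberately left out: it needs the ssdeep library and a similarity threshold, not an exact comparison.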

MITRE ATT&CK Matrix

    Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique entries are listed under any column on this page.