General

  • Target: 8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
  • Size: 1MB
  • Sample: 221218-xmpbasdd47
  • MD5: 6ab50f779474b8c5b42a3465e4a8c9a6
  • SHA1: fb61c0b0a4128023861f5a19db53a4e71d1b5fa1
  • SHA256: 8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
  • SHA512: 5673949a5ef8b0d5bc2eb61dbbbfbbaf500c9e0ca7cb6e1f70d524a86ce8341fdd7aa4e7c1febbde39d951207fb1b9a3161c970eace10872748352050240a4f4
  • SSDEEP: 12288:fTldOhSO4HIhLXlppgctit9NQDW70oLrOPi7mMhkb8vVXvdHNIuW3iuMBMY9S:fTldivbpgj/7Nr9KbmdtfW/MBMY9S

Malware Config

Targets


    • Detect PurpleFox Rootkit
      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat
      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox
      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • UPX packed file
      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 2

Tasks