General
-
Target
tmp
-
Size
375KB
-
Sample
221230-y65casge36
-
MD5
ae8feb1dadf827be9a522b4159f3ac9a
-
SHA1
b93774b6d58ccbe20aaf95d22636502a5eb9f762
-
SHA256
0108aa34b802442199c1c4d33aa6826c4a098fe72343a4aa690ea5be5cfba7d0
-
SHA512
ff607684539d533f385576b0cd14f902b8f3abe3eb3d9ccf7d35dae117e224ec177a53e8b1571df6785ff92626d3f73c666ecd09e2d7a47689d3f4c1932d47b2
-
SSDEEP
6144:ORjbUHOvGUNIE/FDjBazqjWgR+MSEtvlZTONpRGX5B4PY3mA0O0Gp8Nh/5Jod:ejbh9tDjiuT+xEtl0u4w3mAZyUd
Malware Config
Targets
-
-
Target
tmp
-
Size
375KB
-
MD5
ae8feb1dadf827be9a522b4159f3ac9a
-
SHA1
b93774b6d58ccbe20aaf95d22636502a5eb9f762
-
SHA256
0108aa34b802442199c1c4d33aa6826c4a098fe72343a4aa690ea5be5cfba7d0
-
SHA512
ff607684539d533f385576b0cd14f902b8f3abe3eb3d9ccf7d35dae117e224ec177a53e8b1571df6785ff92626d3f73c666ecd09e2d7a47689d3f4c1932d47b2
-
SSDEEP
6144:ORjbUHOvGUNIE/FDjBazqjWgR+MSEtvlZTONpRGX5B4PY3mA0O0Gp8Nh/5Jod:ejbh9tDjiuT+xEtl0u4w3mAZyUd
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation