General

  • Target

    infected2023031501.zip

  • Size

    2.1MB

  • Sample

    230316-dxe1tsba7v

  • MD5

    356038ce79af5b6f9eba56f2ddc691b5

  • SHA1

    c2a22127c381035da4ce48bd8b2fc7dc1aafd2ac

  • SHA256

    ead1aac1a530be0f846600c3fa6d91567b6574e0824c5f29fee08e30ae5a1d15

  • SHA512

    dc0a1887e8e288b5dfd727691cb2f139549b71710fda2d1d7e8454383bc06f5ec216b61bcc6e754eee50a5f5e00d36d0b0833b26583499070d64fe2b2ce33160

  • SSDEEP

    49152:u6YlELokvl0D1ZxAFmirqblhTzu4Uy923wzHlC5Mlp:u6Y+NI1Zq7qJhTzyq237Ep

Malware Config

Targets

    • Target

      virus/meitu.CHM

    • Size

      1.2MB

    • MD5

      3dbfbb912f430ae62df647a767a86884

    • SHA1

      0604930ef6eef2e10ae38e9b89d819ecda25f847

    • SHA256

      8ffcc91dcb5657a9e8012bdc8b3b73bf541161f7c619e824fd5c5ae4b9b129f1

    • SHA512

      984f57541f443b36b991df5a2bbb4f55760a9a08f0b49d3fb9908c6bcc0a7fa6eb16cb3c2fbb659e700836af35eef942c007ab60c4bb09972d6a34968dc1e38d

    • SSDEEP

      24576:i7cuHGvz89BSOMfdLDCb1IlosIfHvzceiw3L3DYxROi2nmbvkIOMaNC:i7cuG89BSOALDs7sIPvzceiwb3DYv5bl

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      virus/白加黑衍生物/UpgradeShow.dll

    • Size

      2.6MB

    • MD5

      344573557b9ed92d639acf191a4538ab

    • SHA1

      c0ee613f353b1c0e7eaa343d9aa053bca9a87e5b

    • SHA256

      39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131

    • SHA512

      1696319e3cf92f8548c25442b587571e818f167e4492a08ea4d26e49ae3f54f2461c8e5168696418b510d794d5c8d8cd35f0a3ddb6095793652381e36344f5a7

    • SSDEEP

      24576:8jrINGHhvax4WwOAR++r+1UIMj7GyifH3psEiNfxyyjj5ddddi66Prip11pA:arIN4k4/M+r+1Upj7GyifH3psE/ipTq

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      virus/白加黑衍生物/svch0st.exe

    • Size

      985KB

    • MD5

      9606b727e58cb0157e1586adac252462

    • SHA1

      9bbb77aea71b44f0f7737ed47bae3fa67df6c8d4

    • SHA256

      8fcbe954783759e96a9cc1cf6aa2cb16d6c95a8f0a0c661ee0c1e241079c6de2

    • SHA512

      1d07695b0d597703336d0d0a50353712c83ba5354de006a7a444dd270253ce5a4e362cb98e83acfedabe325f29e3da51946cc3625bb8f452cf212cdccc9eba1f

    • SSDEEP

      12288:OL/JAG6yuZ6hivOQffehNA0rswA/C9gCyWJSA6L8nu:e/JAG6mBrsR/C9pyWJSt

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks