General

  • Target

    07ba5b5faac498b1c69a157cdc8a307fb6793104bc0d22b0c6683092315df916

  • Size

    132KB

  • Sample

    230418-bqm2raha65

  • MD5

    1148d4f4f27067471f705cf7225a53ba

  • SHA1

    fe93f393ab9bbb2ea02dd9145fffebfc6b02d4fb

  • SHA256

    07ba5b5faac498b1c69a157cdc8a307fb6793104bc0d22b0c6683092315df916

  • SHA512

    78bc4d21ee5ce684108fee9bb0230af5c899e5fee38a1e4740249dc8a7350c6b5cf7b9c953953cf080b0bef5ecec77089cc5b4503dde42504ba04aa800728610

  • SSDEEP

    1536:kgT/0TkbIjdWdPfBjlXhkep45JPkqi0BmVL:ku8TkbkdW7jlXhk1kqOV
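To confirm that a locally obtained file really is the sample this report describes, the following added example (not part of the report or of the sandbox's own tooling) computes the four digests listed above over the file's bytes and compares them with the report, and splits the SSDEEP string into its block size and two chunk hashes. The hash values are copied from the report; the input bytes used below are a constructed stand-in, not the sample. `hashlib` cannot compute ssdeep itself, so the fuzzy hash is only parsed, not recomputed.

```python
import hashlib

# Hashes copied from the report above (the only report data this example uses).
REPORT_HASHES = {
    "md5": "1148d4f4f27067471f705cf7225a53ba",
    "sha1": "fe93f393ab9bbb2ea02dd9145fffebfc6b02d4fb",
    "sha256": "07ba5b5faac498b1c69a157cdc8a307fb6793104bc0d22b0c6683092315df916",
    "sha512": "78bc4d21ee5ce684108fee9bb0230af5c899e5fee38a1e4740249dc8a7350c6b5cf7b9c953953cf080b0bef5ecec77089cc5b4503dde42504ba04aa800728610",
}
REPORT_SSDEEP = "1536:kgT/0TkbIjdWdPfBjlXhkep45JPkqi0BmVL:ku8TkbkdW7jlXhk1kqOV"


def hash_bytes(data):
    """Compute every digest the report lists, feeding the data to all hashers once."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_sample(data, expected=REPORT_HASHES):
    """Return {algorithm: matched} for the given bytes against the expected digests."""
    computed = hash_bytes(data)
    return {alg: computed[alg] == digest.lower() for alg, digest in expected.items()}


def is_valid_ssdeep_blocksize(blocksize):
    """ssdeep block sizes are always 3 * 2**n (3, 6, 12, ...); anything else is corrupt."""
    if blocksize % 3:
        return False
    n = blocksize // 3
    return n > 0 and (n & (n - 1)) == 0


def parse_ssdeep(sig):
    """Split "blocksize:hash:hash" into (int, str, str), validating the block size."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    bs = int(blocksize)
    if not is_valid_ssdeep_blocksize(bs):
        raise ValueError(f"invalid ssdeep block size {bs}")
    return bs, chunk, double_chunk


if __name__ == "__main__":
    # Constructed stand-in bytes; a real check would read the candidate file.
    candidate = b"constructed stand-in, not the sample"
    print(verify_sample(candidate))
    print(parse_ssdeep(REPORT_SSDEEP))
```

A real check reads the candidate file in binary mode and passes its bytes to `verify_sample`; if all four digests match, the file is byte-identical to the submitted sample. A fuzzy-hash comparison against the SSDEEP string needs the ssdeep tool or library, which scores similarity rather than equality.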

Malware Config

Targets

    • Target

      07ba5b5faac498b1c69a157cdc8a307fb6793104bc0d22b0c6683092315df916

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
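The behavioural signatures above are each a rule over the API calls the sandbox recorded. The following added example (not part of the report or of the sandbox's own signature engine) shows how four of them can be expressed as correlations over an API trace: a root-path read on a fixed drive other than C:, a successful write under System32, and a LoadLibrary or CreateProcess on a path the same process wrote earlier. The trace format ("pid api(args) -> ret") and every line in it are constructed for this example, not taken from the sandbox.

```python
import re

# Constructed API trace in a "pid api(args) -> ret" format. It is made up for
# this example and is not output from the sandbox that produced the report.
TRACE = r"""
1234 GetLogicalDrives() -> 0x1c
1234 GetDriveTypeW("C:\") -> 3
1234 GetDriveTypeW("D:\") -> 3
1234 GetDriveTypeW("E:\") -> 5
1234 CreateFileW("D:\", GENERIC_READ) -> 0x104
1234 CreateFileW("E:\", GENERIC_READ) -> 0xffffffff
1234 CreateFileW("C:\Users\user\AppData\Local\Temp\dbg.dll", GENERIC_WRITE) -> 0x10c
1234 WriteFile(0x10c, 98304) -> 1
1234 LoadLibraryW("C:\Users\user\AppData\Local\Temp\dbg.dll") -> 0x7ff0
1234 CreateFileW("C:\Users\user\AppData\Local\Temp\svc.exe", GENERIC_WRITE) -> 0x110
1234 WriteFile(0x110, 135168) -> 1
1234 CreateProcessW("C:\Users\user\AppData\Local\Temp\svc.exe") -> 1
1234 CreateFileW("C:\Windows\System32\drivers\upd.sys", GENERIC_WRITE) -> 0x114
1234 WriteFile(0x114, 40960) -> 1
"""

LINE_RE = re.compile(r'^(\d+) (\w+)\((.*)\) -> (\S+)$')
QUOTED_RE = re.compile(r'"([^"]*)"')
DRIVE_ROOT_RE = re.compile(r'([A-Za-z]):\\')
DRIVE_FIXED = "3"              # GetDriveTypeW return value for a local hard disk
INVALID_HANDLE = "0xffffffff"  # CreateFileW failure value
SYSTEM32 = "c:\\windows\\system32\\"


def parse_trace(text):
    """Yield (api, quoted_paths, raw_args, ret) for each well-formed trace line."""
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if m:
            _pid, api, args, ret = m.groups()
            yield api, QUOTED_RE.findall(args), args, ret


def match_signatures(text):
    """Return the set of report-style signature names the trace triggers."""
    hits = set()
    fixed_drives = set()   # drive letters GetDriveTypeW reported as DRIVE_FIXED
    write_handles = {}     # handle -> path opened with GENERIC_WRITE
    dropped = set()        # lower-cased paths that received a successful WriteFile
    for api, paths, args, ret in parse_trace(text):
        if api == "GetDriveTypeW" and paths and ret == DRIVE_FIXED:
            fixed_drives.add(paths[0][0].upper())
        elif api == "CreateFileW" and paths:
            path = paths[0]
            root = DRIVE_ROOT_RE.fullmatch(path)
            # Reading the root of a fixed drive other than C: is the behaviour
            # the "Enumerates connected drives" signature describes.
            if root and "GENERIC_READ" in args:
                letter = root.group(1).upper()
                if letter != "C" and letter in fixed_drives:
                    hits.add("Enumerates connected drives")
            if "GENERIC_WRITE" in args and ret != INVALID_HANDLE:
                write_handles[ret] = path
        elif api == "WriteFile" and ret == "1":
            handle = args.split(",")[0].strip()
            if handle in write_handles:
                path = write_handles[handle].lower()
                dropped.add(path)
                if path.startswith(SYSTEM32):
                    hits.add("Drops file in System32 directory")
        elif api == "LoadLibraryW" and paths and paths[0].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif api == "CreateProcessW" and paths and paths[0].lower() in dropped:
            hits.add("Executes dropped EXE")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print(name)
```

The "dropped" rules only fire when the same trace shows the file being written first, which is what separates loading a dropped DLL from loading a system library; the drive rule ignores removable and CD-ROM drives, since the signature text is specifically about hard drives.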

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Matches  ID
  Defense Evasion   Modify Registry                1        T1112
  Discovery         Query Registry                 2        T1012
  Discovery         Peripheral Device Discovery    1        T1120
  Discovery         System Information Discovery   3        T1082

Tasks