Resubmissions

21-04-2023 15:37

230421-s2g4baad2z 10

General

  • Target

    40ac2a5a4ea898a9b4b7009062c63b15.exe

  • Size

    1.6MB

  • Sample

    230421-s2g4baad2z

  • MD5

    40ac2a5a4ea898a9b4b7009062c63b15

  • SHA1

    6cb2de3ac7ec7efc7e8483ecf0e015b9c2819421

  • SHA256

    9793003669bcb9826d31c8dbb1c2d51097f661540d01ff8fffeb30ae1332a3c0

  • SHA512

    03908bedfee4ecf0e4a56ba9d40e657569bd3240a798d2d74e316236ab027fed791640915e8d72f49680301c08546af3b10ce05533196da28e4473da80708a3c

  • SSDEEP

    24576:ErJ+YtE0c1dxUnh+rgERYIeUUVJH7pbFnGIvaBnpL:+tY1e+rzRYjUUZ

Malware Config

Targets

    • Target

      40ac2a5a4ea898a9b4b7009062c63b15.exe

    • Size

      1.6MB

    • MD5

      40ac2a5a4ea898a9b4b7009062c63b15

    • SHA1

      6cb2de3ac7ec7efc7e8483ecf0e015b9c2819421

    • SHA256

      9793003669bcb9826d31c8dbb1c2d51097f661540d01ff8fffeb30ae1332a3c0

    • SHA512

      03908bedfee4ecf0e4a56ba9d40e657569bd3240a798d2d74e316236ab027fed791640915e8d72f49680301c08546af3b10ce05533196da28e4473da80708a3c

    • SSDEEP

      24576:ErJ+YtE0c1dxUnh+rgERYIeUUVJH7pbFnGIvaBnpL:+tY1e+rzRYjUUZ

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Tasks