General

  • Target: 08f86429b9cd43cfeb4379418e5350f8
  • Size: 1.3MB
  • Sample: 230531-l9q8maee8t
  • MD5: 08f86429b9cd43cfeb4379418e5350f8
  • SHA1: 15965da0b459d890e8ef0186bef97afb9301718e
  • SHA256: 5d01444b146fdcd099631627115f1bded3269fec422a6a691604e7e6279817a2
  • SHA512: bd97155343429e81873bf4058bb24343600c34a710e6ce32baa0acd0a0ff34949b40a8741060e48d756f0a90cda959b25eff8492ab886c07853c494725eb2f0d
  • SSDEEP: 24576:W7qhfbYtE0c1dxUnh+rgERYIeUUVJH7pb8zI8:W7qhfctY1e+rzRYjUUZIV

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry, T1012 (2)

    • Peripheral Device Discovery, T1120 (1)

    • System Information Discovery, T1082 (2)

Tasks