General

  • Target

    ab9aa027ce51c07f20cffa69a0ce12d168ec49a2968e4c13d3949028e9a7a745

  • Size

    1.5MB

  • Sample

    230822-21t6xshd8w

  • MD5

    eb8c143babaa7777129eff39c0d7edcf

  • SHA1

    cbfb1a2bc4c34282e6163e51dc650668df17ab9c

  • SHA256

    ab9aa027ce51c07f20cffa69a0ce12d168ec49a2968e4c13d3949028e9a7a745

  • SHA512

    4ea6e902cd2a24f65f250154f84fa000321204e5ace5f547618cbeb3ac5d30d22ac45c0079f2888bd0b5665a5f6ee80bfd29ab3113f1c05a64a19c064be9c02c

  • SSDEEP

    24576:209tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+2X:209XJt4HIN2H2tFvduySEX

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks