General

  • Target

    9e986f27c80920fb24aaf636dd1e14832f993b674cd53670c37c4db8ab0b6582

  • Size

    3.7MB

  • Sample

    230822-22jrkshd8y

  • MD5

    cc9c09a54f850338511cf24b068a9a94

  • SHA1

    2e56d1ddf3454eaee80249f2c2e5b6e09b5da0cc

  • SHA256

    9e986f27c80920fb24aaf636dd1e14832f993b674cd53670c37c4db8ab0b6582

  • SHA512

    a762eb5921e118f73e0a213186c1f8696474b866476188a45fdb1555651b37a9b0dd9889acfcbb05a4862057c8919ee137ad59ed243a2af457614a7ccf212d5e

  • SSDEEP

    98304:I0F9NpKPUdmIKL+b5cLQdYrHaa3I7+yR5TOUhG6C:/UUdBvdYrHaa3ICA

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks