General

  • Target

    35632c637dd0836b50a932a108ab62eced3a1b989414dcc29b11c214845a774e

  • Size

    1.4MB

  • Sample

    230822-jv5rcscd3y

  • MD5

    182f95c6f4b4323cf890333cb24ce8b8

  • SHA1

    3c845a203be7cedc950d648ab2290145f3fc6353

  • SHA256

    35632c637dd0836b50a932a108ab62eced3a1b989414dcc29b11c214845a774e

  • SHA512

    2fd87e4ccd695f246d718aa2c3058334bcec1d93b3f148ae87988132aa5b3fbb9f528448ea3e769c4465fac5cfd1fa7219115f8cbf14f0f26668ab387b5c8264

  • SSDEEP

    24576:GZnQwOUgbPM0x/OGyR82LFVSlntt/bTPv7Jjp:Gl+kx2r/Hj5p

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks