General

  • Target

    bed6bcf268ff073ff9c5a289ed9130688a8969daafec01f6a2cd2471abfdb6a8

  • Size

    11.6MB

  • Sample

    230822-sr7k8aef4w

  • MD5

    acd3b2602c90165d95b46af2db5035cf

  • SHA1

    b06824439f05051ca8660a881e6bdcd6517e8d12

  • SHA256

    bed6bcf268ff073ff9c5a289ed9130688a8969daafec01f6a2cd2471abfdb6a8

  • SHA512

    e78c46341d798d89864a7ac853aafe435503278447177e5d5d6dce97b2318d59876995f6e82d9f61797e153bf2fa203fcd82cbcd35ee641be9431b9b93875a3e

  • SSDEEP

    196608:pKXbeO78/HVtB/sGA/R5uJlPG5PbiKi0ibFcK77bSHokwj+kHUyyrZOuu7:q78/HbBEPy2PbiUeuokwjtTow

Malware Config

Targets

    • Target

      bed6bcf268ff073ff9c5a289ed9130688a8969daafec01f6a2cd2471abfdb6a8

    • Size

      11.6MB

    • MD5

      acd3b2602c90165d95b46af2db5035cf

    • SHA1

      b06824439f05051ca8660a881e6bdcd6517e8d12

    • SHA256

      bed6bcf268ff073ff9c5a289ed9130688a8969daafec01f6a2cd2471abfdb6a8

    • SHA512

      e78c46341d798d89864a7ac853aafe435503278447177e5d5d6dce97b2318d59876995f6e82d9f61797e153bf2fa203fcd82cbcd35ee641be9431b9b93875a3e

    • SSDEEP

      196608:pKXbeO78/HVtB/sGA/R5uJlPG5PbiKi0ibFcK77bSHokwj+kHUyyrZOuu7:q78/HbBEPy2PbiUeuokwjtTow

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks