General

  • Target

    0e3136edb9e6c56e6b50f3da90f9f55e75ed6e237f558fd4ee8c0a29931f38c5

  • Size

    1.3MB

  • Sample

    230822-wydhhaed25

  • MD5

    94d786c9c91d0d629520a7535d7c7b39

  • SHA1

    46f3d1522065c8c552c929f59187adf8a71abff3

  • SHA256

    0e3136edb9e6c56e6b50f3da90f9f55e75ed6e237f558fd4ee8c0a29931f38c5

  • SHA512

    c8c985947b07317f316716fcbd3bf2ae17b08e17716c25a90f09ad5c1a4f8c1430e8a386fc3d9f09f2b378303b6ce7905ebd47739cc886808325e7c5190acb82

  • SSDEEP

    24576:edOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHpcC6g6v66666ES66666E6kD66666u:edOWFJbtSMXoTLq73xKlcC6g6v66666l

Malware Config

Targets

    • Target

      0e3136edb9e6c56e6b50f3da90f9f55e75ed6e237f558fd4ee8c0a29931f38c5

    • Size

      1.3MB

    • MD5

      94d786c9c91d0d629520a7535d7c7b39

    • SHA1

      46f3d1522065c8c552c929f59187adf8a71abff3

    • SHA256

      0e3136edb9e6c56e6b50f3da90f9f55e75ed6e237f558fd4ee8c0a29931f38c5

    • SHA512

      c8c985947b07317f316716fcbd3bf2ae17b08e17716c25a90f09ad5c1a4f8c1430e8a386fc3d9f09f2b378303b6ce7905ebd47739cc886808325e7c5190acb82

    • SSDEEP

      24576:edOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHpcC6g6v66666ES66666E6kD66666u:edOWFJbtSMXoTLq73xKlcC6g6v66666l

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks