General

  • Target

    1ee3f1938ad18ae907b52733bba4591b7ea37460327eeaedc1129a0f2dbe452b

  • Size

    1.3MB

  • Sample

    230823-3yl8zagf54

  • MD5

    6c9b6df5a7f81d7b7e700cb894358e93

  • SHA1

    39561e9974c30495bd6543ccf816fb08b1f018de

  • SHA256

    1ee3f1938ad18ae907b52733bba4591b7ea37460327eeaedc1129a0f2dbe452b

  • SHA512

    d440148edfb1a84c3a44c7edcc2c334301489d24245ea0cd257ee8a910875a3471c7799baa657cd8c8639bbebb037a60fb5e67d81f440e964d1999b05d1f2899

  • SSDEEP

    24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNa:QHPkVOBTK

Malware Config

Targets

    • Target

      1ee3f1938ad18ae907b52733bba4591b7ea37460327eeaedc1129a0f2dbe452b

    • Size

      1.3MB

    • MD5

      6c9b6df5a7f81d7b7e700cb894358e93

    • SHA1

      39561e9974c30495bd6543ccf816fb08b1f018de

    • SHA256

      1ee3f1938ad18ae907b52733bba4591b7ea37460327eeaedc1129a0f2dbe452b

    • SHA512

      d440148edfb1a84c3a44c7edcc2c334301489d24245ea0cd257ee8a910875a3471c7799baa657cd8c8639bbebb037a60fb5e67d81f440e964d1999b05d1f2899

    • SSDEEP

      24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNa:QHPkVOBTK

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks