General

  • Target

    7434ae4092299d03f8059bb6d292c27fc7e2540fa7f9ffb3a847e284e4895f31

  • Size

    1.9MB

  • Sample

    230823-lqncmacg4v

  • MD5

    575e1721023f58ec8d7e988074dd3adb

  • SHA1

    00d318ccc4a8270410b0ba01d34763ccf76a8d0c

  • SHA256

    7434ae4092299d03f8059bb6d292c27fc7e2540fa7f9ffb3a847e284e4895f31

  • SHA512

    4c7eaa8904a5d63db8b7d1860077181a5748713cc6336af9bd110a6a391c417638f606bb53e15f1c18bccc2a51d7a969e742f33009447a2f4fdcff9ae300ad29

  • SSDEEP

    24576:WQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVKlKs3PNnx2qIyF:WQZAdVyVT9n/Gg0P+WhojKs3P5x2I

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks