General

  • Target

    6762bc0c4bcebed4349ccf620526cd52c5dd6bcaef197ce05196d5547e744de2

  • Size

    1.1MB

  • Sample

    230823-yhag1sfb64

  • MD5

    c011768eabef21dd7974667ba6690a9a

  • SHA1

    d6073bcfee4b2e783b9e30f95e0945eec331d846

  • SHA256

    6762bc0c4bcebed4349ccf620526cd52c5dd6bcaef197ce05196d5547e744de2

  • SHA512

    1d831a1051bc82abdb94d1ddac51f56bdd932ef7b83461363852c491d77907b7edd0aa052cd25564ab54ca8c45d8289333b60d35c2dc2f3e3d67f2ec56376eed

  • SSDEEP

    24576:DIsR3f3OwxgOP/FEzFkcWXM64xnlU/XsIyADrkrlOaFstexLEUFveOD0:Df9Ww3H48wlU/3ilBFstVEX0

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
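The hashes in the General section and the "UPX packed file" signature are the two things an analyst reproduces first when a copy of this sample arrives on the bench: confirm the file is the one the report describes, then confirm it is packed before spending time on static analysis. The Python below is an added example, not part of the sandbox report or of any tool it names. It compares a file's digests against the values listed above (SSDEEP is omitted because it needs a third-party library) and parses the PE section table to flag UPX section names or the "UPX!" marker. The build_minimal_pe helper produces a constructed, headers-only PE32 for the demonstration; it is not the sample and its bytes are made up here.

```python
"""Added example: offline triage of a file against the report's hashes,
plus a PE section-table check for UPX packing. Not the report's own code."""
import hashlib
import struct

# Hash values copied from the report above for this sample.
REPORT_HASHES = {
    "md5": "c011768eabef21dd7974667ba6690a9a",
    "sha1": "d6073bcfee4b2e783b9e30f95e0945eec331d846",
    "sha256": "6762bc0c4bcebed4349ccf620526cd52c5dd6bcaef197ce05196d5547e744de2",
    "sha512": "1d831a1051bc82abdb94d1ddac51f56bdd932ef7b83461363852c491d77907b7"
              "edd0aa052cd25564ab54ca8c45d8289333b60d35c2dc2f3e3d67f2ec56376eed",
}


def compute_hashes(data: bytes) -> dict:
    """Digest the file once per algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison; any False means this is not the reported sample."""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the section names (NUL padding stripped).

    Raises ValueError for anything that is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' marker.

    A modified UPX commonly renames the sections but keeps the marker, or the
    reverse, so either signal is enough to flag the file for a closer look.
    """
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def build_minimal_pe(section_names, marker: bytes = b"") -> bytes:
    """Constructed test input: a headers-only PE32 with the given section names."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points just past the DOS header
    optional = bytes(224)  # PE32 optional header size; contents irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(optional), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections + marker


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_minimal_pe([".text", ".data"])
    print(pe_section_names(packed), looks_upx_packed(packed))  # ['UPX0', 'UPX1', '.rsrc'] True
    print(looks_upx_packed(plain))                              # False
    print(hashes_match(plain))                                  # all False: not the sample
```

Against a real copy, call hashes_match and looks_upx_packed on open(path, "rb").read(). Treat the section-name and marker checks as weak signals only: a modified UPX that strips both will pass as clean, and non-UPX packers can leave "UPX"-like names, so confirm with a packer identifier or by attempting upx -d before relying on the result.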

MITRE ATT&CK Enterprise v15

Tasks