General

  • Target

    10a267fc53292d837da33aaf7e0078ebe2848f6fb721d5c0166b249bed08a099

  • Size

    2.3MB

  • Sample

    230824-dr9y1sba7w

  • MD5

    4414c2ab049dea1396f34caf75483244

  • SHA1

    b1b42240d9b24874a87ac441093face43219e67f

  • SHA256

    10a267fc53292d837da33aaf7e0078ebe2848f6fb721d5c0166b249bed08a099

  • SHA512

    af385cf27f0c7a86bf47ca41c7ac92c33fa5a0800aa84ee85e81b355795025e00aa934e97a589da34e9062682e920e14a952e7fcca3d21599029acac2517b2ba

  • SSDEEP

    49152:KQZAdVyVT9n/Gg0P+WhoYZPItx2apeapelI:TGdVyVT9nOgmhGtUvlI

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
