General

  • Target

    74e367303394a82e43adac5966a248718ca8e2e0ee474dee49c8454ceeecfc9e

  • Size

    4.8MB

  • Sample

    230824-dscpxahe93

  • MD5

    bead87101cd31e05f2498acda287b105

  • SHA1

    74c10484fb6df0c0eb886530f9e19652267a0a71

  • SHA256

    74e367303394a82e43adac5966a248718ca8e2e0ee474dee49c8454ceeecfc9e

  • SHA512

    79b9c818e91a68370f56f8f144a54530522c965df80468d9d1f7241150aa6c8af65c0de3f9443b52c14610ad88f7584f5f53cfc6f026613b25bff1981f1c56cb

  • SSDEEP

    49152:KQZAdVyVT9n/Gg0P+WhojbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8R:TGdVyVT9nOgmh8bXsPN5kiQaZ56

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks