General

  • Target

    be47c25791dba4c7be6166cb3b9795af567f87cc3dd6301580b4deb6104afc25

  • Size

    1.1MB

  • Sample

    230824-nzrgracc64

  • MD5

    4fd87d97111550eeb5bf3b2b5dce5607

  • SHA1

    9c18387f036fec65dc499e30936ab9d126fa2850

  • SHA256

    be47c25791dba4c7be6166cb3b9795af567f87cc3dd6301580b4deb6104afc25

  • SHA512

    f3d248ad9919ba54ec5d084916d5e5e90fdd638c875155d62b92f01db594a58bfe57cfebb3257eff615f7f51a2fdda4b80f8685efb74bdfc673883896bdbaadf

  • SSDEEP

    24576:j09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+Lwpe7:j09XJt4HIN2H2tFvduySmpe7

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory
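The "UPX packed file" signature above keys on artefacts the UPX packer leaves in a PE image. The following is an added example, not code from this report or from the sandbox that produced it: a minimal PE section-table walk in standard-library Python that flags stock UPX by its section names and "UPX!" pack-header marker, and a modified UPX build (renamed sections, marker stripped) by the high entropy of the compressed section. The images it checks are constructed fixtures produced by build_pe, an assumed helper that emits a header-only stub, not a loadable binary and not this sample; the 7.0 bits-per-byte threshold and the section-name set are assumptions.

```python
"""Static UPX/packer check on a PE image using only the Python standard library."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}  # names written by stock UPX (assumed set)
HIGH_ENTROPY = 7.0                            # bits per byte; compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "data": pe[raw_ptr:raw_ptr + raw_size]})
    return sections


def check_upx(pe: bytes) -> dict:
    """Three independent signals: section names, the UPX! marker, and section entropy."""
    sections = parse_sections(pe)
    by_name = bool({s["name"] for s in sections} & UPX_SECTION_NAMES)
    # Stock UPX keeps its pack header (starting with "UPX!") in the header area,
    # i.e. before the first section's raw data, so only that region is searched.
    first_raw = min((s["raw_ptr"] for s in sections if s["raw_size"]), default=len(pe))
    by_magic = b"UPX!" in pe[:first_raw]
    # A modified UPX may rename sections and strip the marker; the compressed
    # body still shows up as a high-entropy section.
    high = [s["name"] for s in sections
            if s["raw_size"] and shannon_entropy(s["data"]) > HIGH_ENTROPY]
    return {"upx_sections": by_name, "upx_magic": by_magic,
            "high_entropy_sections": high,
            "likely_packed": by_name or by_magic or bool(high)}


def build_pe(names: list, payloads: list, marker: bytes = b"") -> bytes:
    """Constructed fixture: a PE header stub with the given section table and raw data.
    There is no optional header, so the result is not loadable; it exists only to be parsed."""
    e_lfanew, opt_size = 0x40, 0
    img = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    raw_ptr = (len(img) + 40 * len(names) + len(marker) + 0x1FF) & ~0x1FF  # 512-byte file alignment
    body = b""
    for name, payload in zip(names, payloads):
        img += struct.pack("<8sIIII", name.ljust(8, b"\0"), len(payload), 0x1000,
                           len(payload), raw_ptr + len(body))
        img += b"\0" * 16  # relocation/line-number fields and Characteristics, unused here
        body += payload
    img += marker                      # where a stock UPX pack header would sit
    img += b"\0" * (raw_ptr - len(img))
    return bytes(img) + body


def pseudorandom(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for a compressed body (constructed)."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))
    return out[:n]


# Constructed fixtures: stock UPX layout, an unpacked binary, and a renamed-section variant.
PACKED_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"], [b"", pseudorandom(4096), b"\0" * 256], marker=b"UPX!")
CLEAN_SAMPLE = build_pe([b".text", b".data"], [bytes(range(16)) * 256, b"A" * 512])
RENAMED_SAMPLE = build_pe([b".text", b".data"], [pseudorandom(4096), b"\0" * 256])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE), ("renamed", RENAMED_SAMPLE)):
        print(label, check_upx(img))
```

Entropy alone is not proof of UPX; any compressed or encrypted section trips it, which is why the result keeps the three signals separate and only the combined likely_packed flag is meant for triage.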
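The remaining signatures (drops file in the Drivers and System32 directories, sets a service image path in the registry, executes a dropped EXE, loads a dropped DLL) are behaviours correlated from endpoint telemetry rather than static properties. The following is an added example, not the sandbox's own rule logic: it replays constructed Sysmon-style events (process names, PIDs and file names are invented and are not artefacts of this sample) and ties a service ImagePath write back to a file the same detonation dropped. The event schema is an assumption; the path normalisation covers the \??\, \SystemRoot\, %SystemRoot% and bare system32\ spellings that driver ImagePath values commonly use.

```python
"""Correlate endpoint telemetry into the dropped-file and service-persistence
behaviours listed above. Events and paths are constructed fixtures."""
from typing import Dict, List, Tuple

WINDIR = "c:\\windows"
SYSTEM32_DIR = WINDIR + "\\system32"
DRIVERS_DIR = SYSTEM32_DIR + "\\drivers"
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services"


def normalize_path(p: str) -> str:
    """Fold the spellings a service ImagePath can use into one canonical, lower-case form."""
    p = p.strip().strip('"').lower()
    if p.startswith("\\??\\"):                  # NT object-manager prefix
        p = p[4:]
    elif p.startswith("\\systemroot\\"):
        p = WINDIR + p[len("\\systemroot"):]
    elif p.startswith("%systemroot%\\"):
        p = WINDIR + p[len("%systemroot%"):]
    if p.startswith("system32\\"):              # kernel drivers are often registered relative to %SystemRoot%
        p = WINDIR + "\\" + p
    return p


def image_from_value(value: str) -> str:
    """Extract the executable path from an ImagePath value, dropping any arguments."""
    value = value.strip()
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]
    else:
        value = value.split(" ", 1)[0]         # unquoted paths with spaces are ambiguous; first token wins
    return normalize_path(value)


# Constructed Sysmon-style telemetry for one hypothetical detonation (all names invented).
EVENTS = [
    {"ts": 1, "event": "ProcessCreate", "pid": 4100, "ppid": 3000, "image": "C:\\Users\\lab\\Desktop\\sample.exe"},
    {"ts": 2, "event": "FileCreate", "pid": 4100, "target": "C:\\Windows\\System32\\drivers\\drv_example.sys"},
    {"ts": 3, "event": "FileCreate", "pid": 4100, "target": "C:\\Windows\\System32\\dropped_example.exe"},
    {"ts": 4, "event": "FileCreate", "pid": 4100, "target": "C:\\Windows\\System32\\dropped_example.dll"},
    {"ts": 5, "event": "RegistrySetValue", "pid": 4100,
     "target": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\DrvExample\\ImagePath",
     "details": "\\??\\C:\\Windows\\System32\\drivers\\drv_example.sys"},
    {"ts": 6, "event": "ProcessCreate", "pid": 4188, "ppid": 4100, "image": "C:\\Windows\\System32\\dropped_example.exe"},
    {"ts": 7, "event": "ImageLoad", "pid": 4188, "target": "C:\\Windows\\System32\\dropped_example.dll"},
    {"ts": 8, "event": "RegistrySetValue", "pid": 900,
     "target": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\wuauserv\\Start", "details": "2"},
    {"ts": 9, "event": "FileCreate", "pid": 900, "target": "C:\\Users\\lab\\AppData\\Local\\Temp\\log.txt"},
]

Finding = Tuple[str, int, str]   # (rule name, pid, normalized path)


def analyze(events: List[dict]) -> List[Finding]:
    """Replay events in time order; every file write is remembered so later
    executions, loads and service registrations can be tied back to it."""
    dropped: Dict[str, int] = {}   # normalized path -> pid that wrote it
    findings: List[Finding] = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        kind = e["event"]
        if kind == "FileCreate":
            path = normalize_path(e["target"])
            dropped[path] = e["pid"]
            if path.startswith(DRIVERS_DIR + "\\"):       # checked first: drivers\ lies under system32\
                findings.append(("Drops file in Drivers directory", e["pid"], path))
            elif path.startswith(SYSTEM32_DIR + "\\"):
                findings.append(("Drops file in System32 directory", e["pid"], path))
        elif kind == "ProcessCreate":
            img = normalize_path(e["image"])
            if img in dropped:
                findings.append(("Executes dropped EXE", e["pid"], img))
        elif kind == "ImageLoad":
            path = normalize_path(e["target"])
            if path in dropped:
                findings.append(("Loads dropped DLL", e["pid"], path))
        elif kind == "RegistrySetValue":
            key = e["target"].lower()
            if key.startswith(SERVICES_KEY + "\\") and key.endswith("\\imagepath"):
                img = image_from_value(e["details"])
                findings.append(("Sets service image path in registry", e["pid"], img))
                if img in dropped:   # persistence through a file this detonation wrote: the strongest signal here
                    findings.append(("Service image path points to dropped file", e["pid"], img))
    return findings


if __name__ == "__main__":
    for rule, pid, path in analyze(EVENTS):
        print(f"{rule:45} pid={pid} {path}")
```

The benign events at ts 8 and 9 (a Start value on an existing service, a log file in a user temp directory) produce no findings, which is the point of keeping the ImagePath rule tied to the service key and the drop rules tied to the system directories rather than to any write.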

MITRE ATT&CK Enterprise v15

Tasks