General

  • Target

    da3c7db2e0bef60c959a84de7b4832c75f27b35ee600b8115007bdb93d31d9f3

  • Size

    1.1MB

  • Sample

    230827-3v8mssdh39

  • MD5

    6867c52cb18de6c3d299b5f8b4d23942

  • SHA1

    8cab246f4181fa771beeb7eee4ec8a211d5a5184

  • SHA256

    da3c7db2e0bef60c959a84de7b4832c75f27b35ee600b8115007bdb93d31d9f3

  • SHA512

    043e85095198c812dbbd70f1737a61960608684b807940db8024c39c870a5186649160497bf4710a2b1287f2a1012682be251ab3c2601ebdfe49085b6605827d

  • SSDEEP

    24576:FKGWrq+itBV6Q5k91qeu6Fid/sb0El+jFCPUw+pG4fIfgW/R5tYGb9Mrr4Tbb:Qq+it76kk98eHFOswKUw+pOYWDtRGETn

Malware Config

Targets

    • Target

      da3c7db2e0bef60c959a84de7b4832c75f27b35ee600b8115007bdb93d31d9f3

    • Size

      1.1MB

    • MD5

      6867c52cb18de6c3d299b5f8b4d23942

    • SHA1

      8cab246f4181fa771beeb7eee4ec8a211d5a5184

    • SHA256

      da3c7db2e0bef60c959a84de7b4832c75f27b35ee600b8115007bdb93d31d9f3

    • SHA512

      043e85095198c812dbbd70f1737a61960608684b807940db8024c39c870a5186649160497bf4710a2b1287f2a1012682be251ab3c2601ebdfe49085b6605827d

    • SSDEEP

      24576:FKGWrq+itBV6Q5k91qeu6Fid/sb0El+jFCPUw+pG4fIfgW/R5tYGb9Mrr4Tbb:Qq+it76kk98eHFOswKUw+pOYWDtRGETn

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks