General

  • Target

    28af7045ada5cc266aa2cae6ac67386900feb77047028e0fa2637dbb6e7a4b77

  • Size

    2.8MB

  • Sample

    230828-a8zylaeb62

  • MD5

    bfdd3d543f2647596931913f24cf2158

  • SHA1

    a68d0b38919ecea9f4e3f696e49484561725e2cb

  • SHA256

    28af7045ada5cc266aa2cae6ac67386900feb77047028e0fa2637dbb6e7a4b77

  • SHA512

    2d273aa5761311f28ebb815aa88e309ca1faac06ffec22bb9acbaf4986e735bd4170dc6e20d7af4312d6c8705dd505d9ee1a1beee4c79af189f861134669b234

  • SSDEEP

    49152:fhJJBZrhacEd635swwspNRHEV3lkj8h+rFZ9PepBKpkwNNln5:fhXBZ1EO5Nwsp4Flkj8hS9PeNc

Malware Config

Targets

    • Target

      28af7045ada5cc266aa2cae6ac67386900feb77047028e0fa2637dbb6e7a4b77

    • Size

      2.8MB

    • MD5

      bfdd3d543f2647596931913f24cf2158

    • SHA1

      a68d0b38919ecea9f4e3f696e49484561725e2cb

    • SHA256

      28af7045ada5cc266aa2cae6ac67386900feb77047028e0fa2637dbb6e7a4b77

    • SHA512

      2d273aa5761311f28ebb815aa88e309ca1faac06ffec22bb9acbaf4986e735bd4170dc6e20d7af4312d6c8705dd505d9ee1a1beee4c79af189f861134669b234

    • SSDEEP

      49152:fhJJBZrhacEd635swwspNRHEV3lkj8h+rFZ9PepBKpkwNNln5:fhXBZ1EO5Nwsp4Flkj8hS9PeNc

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks