General

  • Target

    d25ecf54ed69469d07a40ed018a89be60fccbd01b57cb88e761e88f6b790183b

  • Size

    3.0MB

  • Sample

    230828-b16a3see74

  • MD5

    7db81d2e7b432f776ba474a99a21fc6a

  • SHA1

    89632ac77b7770424195c1bc44e977367baddaff

  • SHA256

    d25ecf54ed69469d07a40ed018a89be60fccbd01b57cb88e761e88f6b790183b

  • SHA512

    6f0ded80aef4e1a5b92633291a315a9762eb23af6a305d2bd91e071c874cb1448eb63ba86667163da4ac506e817b6af87d1619f3d6ee9a9b4148dda244150df1

  • SSDEEP

    49152:jogGkSPwrhh9vDDpQFDb0O3AfVI8tdjEcFiD:jfGkSChJDDpQlbpEI8Hu

Targets

    • Target

      d25ecf54ed69469d07a40ed018a89be60fccbd01b57cb88e761e88f6b790183b

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families; it was first seen in 2018.
