General

  • Target

    04d993354967c1685d3db6e6588d07712f92d89ccdb917838f8090fddf6eef2a

  • Size

    1.5MB

  • Sample

    230828-bh65naec83

  • MD5

    edf2070b6eafa54a6dfa1312d9356248

  • SHA1

    44b06c9f32d21547b02120ed0c70a2ab4c3a574b

  • SHA256

    04d993354967c1685d3db6e6588d07712f92d89ccdb917838f8090fddf6eef2a

  • SHA512

    0792a3f10fa8a4320ae76121f52f03f9020e955e88091c07dd9b3469279ddab05413729ca1b14e67bbdca84dd6bc34347a2c0452943ad56f83e9e14852110787

  • SSDEEP

    24576:NHls7zFQDpcl3PEty3Ruv7NxHYABaZNZW:hK/J3ZRuv7DHYAsZ6

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

MITRE ATT&CK Matrix

Tasks