General

  • Target

    d2917799bb47bda19b1310a56290995dfed005bd318656d647a9c3e46a8fd117

  • Size

    1.6MB

  • Sample

    230828-dc91gaeh89

  • MD5

    bbffe4ad49a192556a933decee1c0614

  • SHA1

    b1fed18a09018aae23459b6ad673c861fbadbbfd

  • SHA256

    d2917799bb47bda19b1310a56290995dfed005bd318656d647a9c3e46a8fd117

  • SHA512

    da02389a16fb70334aac3b5d3b923cf0128d5f1db793589c49681562b233e3e35e49bd299dc583e1e3264587bccf515eb894c6cbe5d4b6fa6ed76cae09406190

  • SSDEEP

    49152:ZHf+cWJKq358AJoaqMyY58V4M+gF7Nvas7tc1/xh:5fpWJKq3eAJVqMgSM+gDas7O/

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks