General

  • Target

    a8d2c79839b37e9da7b91be4303c22b29523adb9415172496a537f9a1b276cfb

  • Size

    4.6MB

  • Sample

    230828-f4savaab8t

  • MD5

    75f9b3bb916a9a5f0fbc3d2ae2b15c6c

  • SHA1

    3db711ee95648bad3e52d8ce8b53780aa0039f77

  • SHA256

    a8d2c79839b37e9da7b91be4303c22b29523adb9415172496a537f9a1b276cfb

  • SHA512

    2276966ff72597299fb24e323d4e2efc989f38c775a049a78dbaaa42392d90f7aad44cef73fd857b87ad1aa00ab59dffc1f50507467b73d579d68c5397a9a373

  • SSDEEP

    24576:phUom+wjcdz1GvDBcComjbqI4SixIxWE1r:vUKz12nVjtcCW

Malware Config

Targets

    • Target

      a8d2c79839b37e9da7b91be4303c22b29523adb9415172496a537f9a1b276cfb

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks