General

  • Target

    1dec6d31ca949426cb41ab2ae4bdc383f81e0511c12f5416322a19975959c50e

  • Size

    1.7MB

  • Sample

    230828-g8mftsae2v

  • MD5

    bc02113864af84d18c346712db1df77f

  • SHA1

    95f28a8f4e469d1043dd2f07773c7d4f8688b10a

  • SHA256

    1dec6d31ca949426cb41ab2ae4bdc383f81e0511c12f5416322a19975959c50e

  • SHA512

    453f698479f084d15737832f847510135fbb4f372dba35188729ffcd78246e46a89dceef4b7a85afcc931bc011460943c33083c33d96824a50bec97d0ec5e2e4

  • SSDEEP

    49152:vEd635swwspNRHEV3lkj8h+rFZ9PepBKpkw:vEO5Nwsp4Flkj8hS9PeN

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks