General

  • Target

    1a99ba7d887aeb95014d66e563ff0d0b8ac0eff1b44af33191010101fe21e3cd

  • Size

    1.4MB

  • Sample

    230828-hd63esgg42

  • MD5

    1ed96ce7d0297178366919cc9a8e3cb4

  • SHA1

    496fd69fd363015acbbd0f53a9eaffcff99b5f44

  • SHA256

    1a99ba7d887aeb95014d66e563ff0d0b8ac0eff1b44af33191010101fe21e3cd

  • SHA512

    2a52658f2bc1f17eda5ecf9631652d4beb0c3d8e331a5b9bfdd459b459add708792625792684d89481d6b2f42af77b5ad3eef67ff008dfd5bcbb27bcd849dc06

  • SSDEEP

    24576:f09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+SW:f09XJt4HIN2H2tFvduySR

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of UPX.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks