General

  • Target

    556f3f9d7f3bb3e19b152060ffd95d6f9684b870389c055eb72576b34834a9bf

  • Size

    1.2MB

  • Sample

    230828-jqsagaah9t

  • MD5

    b184c4fb348ee20ac88352b5510cfa5e

  • SHA1

    1d5d4443cdbe4405e7d2d62b00458b861b160f64

  • SHA256

    556f3f9d7f3bb3e19b152060ffd95d6f9684b870389c055eb72576b34834a9bf

  • SHA512

    d57e65d29a96370546d04918874718cb38a273c623e4d37875e6d96ef5b9a4a8ad18f54e6e513a734d21a1f4f6a98a82d7b7bf06b2b9d6d85a37b53908ae84ff

  • SSDEEP

    24576:W09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+XKK1KKK1KKK98:W09XJt4HIN2H2tFvduySVKK1KKK1KKKi

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
