General

  • Target

    f906dead49b0be51ac106ae68486e818b30b459bf3485cfa3e1e2befee98c01c

  • Size

    1.3MB

  • Sample

    230828-mypfbsac59

  • MD5

    21cd21a4b214a4b7d8aada8aba66dbb9

  • SHA1

    22752c82b2107c557ec30ef7ab41075d505a959d

  • SHA256

    f906dead49b0be51ac106ae68486e818b30b459bf3485cfa3e1e2befee98c01c

  • SHA512

    435d6e560db1f9d280c09d3afe9135370d37131b52d4f2efd322dd91ae736cf6589295b1f857834bc8e00ad1f76d32a16aaf8d89b161d2be380c186215114f4c

  • SSDEEP

    24576:EQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVaJFn2z:EQZAdVyVT9n/Gg0P+Who9Fn2z

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks