General

  • Target

    1ab45d90a2fb96ecb2f3d9c01595c93a606235caa7ed524d865d0cb57e8ae142

  • Size

    968KB

  • Sample

    230828-swee8sfc3x

  • MD5

    6b3a892cdebae7dba3a452140082ed04

  • SHA1

    107559f8e082ab08bab37cc45ff79923be9a46a5

  • SHA256

    1ab45d90a2fb96ecb2f3d9c01595c93a606235caa7ed524d865d0cb57e8ae142

  • SHA512

    15b665cc62a7c6ee3e867a22d435722ccc584dd41ee1f2cd2c44dd60c5455dc23c06ba3655b91118a1747c4a300a8970fb58d75369855af0772a7835434d405a

  • SSDEEP

    12288:n7NE77jzFVkmLuNpDG1V54TRVYFbpHtYmZBlv:nwFVkmLkpD6VWTXYFbpHKmZB

Malware Config

Targets

    • Target

      1ab45d90a2fb96ecb2f3d9c01595c93a606235caa7ed524d865d0cb57e8ae142

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Matrix

Tasks