General

  • Target

    9e7d0ea43c0253912caf8dffc8cc47f5e9aa9d427af22edf8c7fbcf9bf02a682

  • Size

    584KB

  • Sample

    230828-wrgxcaea44

  • MD5

    e41e1c6afacd567e66ab249bf624e78c

  • SHA1

    38b743c554a03c360b1c7c861a6199fd3ac662ab

  • SHA256

    9e7d0ea43c0253912caf8dffc8cc47f5e9aa9d427af22edf8c7fbcf9bf02a682

  • SHA512

    4a992c26050f819140b8f9d1e6920c24942d4bd174f8d2eee214e5376cdd916b1eec64e9fa784c9bec06047d14611acbfd3ff18c7b084d8cc7e97f320aa2cbfa

  • SSDEEP

    12288:0i2cAro2HQVWAHkFSq2hAWJYlMUtrxlyuJVRe8yeEPRB:0i2Tro2H2HESq2eWJ6MQjySjyBB

Malware Config

Targets

    • Target

      9e7d0ea43c0253912caf8dffc8cc47f5e9aa9d427af22edf8c7fbcf9bf02a682

    • Size

      584KB

    • MD5

      e41e1c6afacd567e66ab249bf624e78c

    • SHA1

      38b743c554a03c360b1c7c861a6199fd3ac662ab

    • SHA256

      9e7d0ea43c0253912caf8dffc8cc47f5e9aa9d427af22edf8c7fbcf9bf02a682

    • SHA512

      4a992c26050f819140b8f9d1e6920c24942d4bd174f8d2eee214e5376cdd916b1eec64e9fa784c9bec06047d14611acbfd3ff18c7b084d8cc7e97f320aa2cbfa

    • SSDEEP

      12288:0i2cAro2HQVWAHkFSq2hAWJYlMUtrxlyuJVRe8yeEPRB:0i2Tro2H2HESq2eWJ6MQjySjyBB

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks