General

  • Target

    21c9209e1f4c06022692cbc2e07cdc87cbda215ee037a379b1015537e6a2a9fa

  • Size

    4.1MB

  • Sample

    230828-y3cg4sag6x

  • MD5

    86cd7423598d3ec0099916ef82a21783

  • SHA1

    440b22ffe4405904fbc97240b24e901ff6bb4175

  • SHA256

    21c9209e1f4c06022692cbc2e07cdc87cbda215ee037a379b1015537e6a2a9fa

  • SHA512

    ef02e5b9a83ea6edc75ff6ad109394b522f8f458ff17d01cc57c3259674a95eba9b41aee642b68d1e98412bbae8ec4e1598b112d47a27ea1c952715183104493

  • SSDEEP

    98304:0cy2LkxIEUgAtnf6ijFUGeeDdhnY+MIa/IB:Fy2Lk+E2tnfzjSKDTY+r9B

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks