General

  • Target

    a3caf369d1667da3cf24cd843d44791666f23da5f7578402ac922c7e2de095bf

  • Size

    6.1MB

  • Sample

    230829-jq3q7sdh7z

  • MD5

    875227db5701889e4a67f666881b251f

  • SHA1

    962d9cdaf40754c0ec7e2c652f7f1ca42d43ec7b

  • SHA256

    a3caf369d1667da3cf24cd843d44791666f23da5f7578402ac922c7e2de095bf

  • SHA512

    6dcaec5a774df6dfd8fd6586c8bc1ba18fc89ce1a644202b15d83b10d9ad7502c9ea0adb51a1275698908e358f8255c2519a64a8b48d464f4cc20766f34fba9b

  • SSDEEP

    98304:bZJt4HINy2LkeefS7peKOB3NLSiwbrM95+NTl:diINy2Lkee4pc3+rk5ql

Malware Config

Targets

    • Target

      a3caf369d1667da3cf24cd843d44791666f23da5f7578402ac922c7e2de095bf

    • Size

      6.1MB

    • MD5

      875227db5701889e4a67f666881b251f

    • SHA1

      962d9cdaf40754c0ec7e2c652f7f1ca42d43ec7b

    • SHA256

      a3caf369d1667da3cf24cd843d44791666f23da5f7578402ac922c7e2de095bf

    • SHA512

      6dcaec5a774df6dfd8fd6586c8bc1ba18fc89ce1a644202b15d83b10d9ad7502c9ea0adb51a1275698908e358f8255c2519a64a8b48d464f4cc20766f34fba9b

    • SSDEEP

      98304:bZJt4HINy2LkeefS7peKOB3NLSiwbrM95+NTl:diINy2Lkee4pc3+rk5ql

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks