General

  • Target

    269491bb8dc7c8f0ee5b34af8d3c83565269fa754e5b2f05e10814a3f76e803e

  • Size

    3.1MB

  • Sample

    230829-rmpzyada28

  • MD5

    798eb2452bd3c0b9cf0d52ebb28d3f04

  • SHA1

    6bac7bf04b358e9e511ab311d49ded1871f5d2c0

  • SHA256

    269491bb8dc7c8f0ee5b34af8d3c83565269fa754e5b2f05e10814a3f76e803e

  • SHA512

    c5998b076303db04ca8c3a24536f23e8f5ebd3e8f8158110c47c37f2aa4105a1cca4c0f6c984afc904300860697234879d66c440d3b1c8af69288cc8a8db4599

  • SSDEEP

    49152:ZCwsbCANnKXferL7Vwe/Gg0P+Wh7gCMmN:Uws2ANnKXOaeOgmhkCZ

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families, first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks