General

  • Target

    555a9238b008e883bf541291edd7833f71251935282ef7ebb0c93900f719ed75

  • Size

    4.5MB

  • Sample

    230829-x9k76afc34

  • MD5

    1047bba83c59fa29a3063fda0ce8fbea

  • SHA1

    abcb9fbf2d30490407115a106a295d0e41f255e6

  • SHA256

    555a9238b008e883bf541291edd7833f71251935282ef7ebb0c93900f719ed75

  • SHA512

    8238a337bd1ae7bbb967d7eb7fdcda92256af44858b7abf4174ef7daa3fe9e37dacdf36a926cd36546803dd5799a57a8948579297db988538296db0f1545c08a

  • SSDEEP

    49152:j89XJt4HIZ/Gg0P+WhKPLGc4yiyXB1jOBLEzNcSBoU1U/qSc:QZJt4HIZOgmhKbSc

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks