General

  • Target: 93e3ba84f5a666cbbdeaa4167e56240da121ff20388fab6a0169cf5686a5c1ca

  • Size: 312KB

  • Sample: 230830-lfjxfsea6v

  • MD5: 302199c1c1c9e66d28a2345f52763d26

  • SHA1: 1fbdcc2094b90baeb2a426e3791f23b710da0b69

  • SHA256: 93e3ba84f5a666cbbdeaa4167e56240da121ff20388fab6a0169cf5686a5c1ca

  • SHA512: 409f40dfa721905c098912ff104cb86745297512c9a51d8c83f957100a7c24787bb3e295a6ab71b88f7786d90b601ef6451f4f645103d97f628bceda9385e245

  • SSDEEP: 6144:p1gk/BUvfqP1dOwyfl+jekWZjsaMct0zp:p1gkwu1Jyfl+jekWZjdMct0z

Malware Config

Targets


    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks