General

  • Target

    15e79771df7f13ada5ab202d2eb3da95afc6b1e026ffd8687dd55c4daede8f1c

  • Size

    1.6MB

  • Sample

    230830-st5jmsfe3y

  • MD5

    b9ae95d21d2e7cf32319c3e939073b54

  • SHA1

    df2ee74b12620e486ac41e17fb42184fc4568898

  • SHA256

    15e79771df7f13ada5ab202d2eb3da95afc6b1e026ffd8687dd55c4daede8f1c

  • SHA512

    424e913652e805d1ec43aac2c8f31848ebf432b7781b4c1877645d7f5ba797235bcd3abf787de91e2877e25791f15cc79c9fe77ebdcec9edc5579fed6a0fa3d3

  • SSDEEP

    24576:/fPgoWX1is531r4kmAYeRTvUL87KAJM0UaF8Myes0PcPSLY6FXeHv2NhP/BnSGkM:IoWFisRF5mAYYq82aqMlTrLzFOHOhnSc

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks