General

  • Target

    64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666

  • Size

    2.5MB

  • Sample

    230830-zsnytsac5v

  • MD5

    8288f7cd48fcd1ac3cda93adedc583ae

  • SHA1

    d7b556b90f0dc40e114eef38de64ece8bbd4ab4a

  • SHA256

    64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666

  • SHA512

    74e0a901e598ccb9836cf978a081c4ac176344fab6e5a074fae35b3b336eed6c5eac2df8865a3e7f2d9d22365fea07b08220f781b64bbfb3b89f3e9a85ba8030

  • SSDEEP

    49152:8gAPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBa:8grmq5trnG9N96LJxi

Malware Config

Targets

    • Target

      64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666

    • Size

      2.5MB

    • MD5

      8288f7cd48fcd1ac3cda93adedc583ae

    • SHA1

      d7b556b90f0dc40e114eef38de64ece8bbd4ab4a

    • SHA256

      64f712cb15fa4f64bb79cadf045248b03ecb8ca6b17aa59c09f6376c7219e666

    • SHA512

      74e0a901e598ccb9836cf978a081c4ac176344fab6e5a074fae35b3b336eed6c5eac2df8865a3e7f2d9d22365fea07b08220f781b64bbfb3b89f3e9a85ba8030

    • SSDEEP

      49152:8gAPH2EPq5WAnuoSKFbC9N9wBKqPDQ4lxKBa:8grmq5trnG9N96LJxi

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks