General

  • Target

    f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9

  • Size

    788KB

  • Sample

    230831-ypcwqaab26

  • MD5

    08fa2e5382b6cf931b3966efdd177a4f

  • SHA1

    28c8218b6ce35fcc53cc1526999a6f805be93c44

  • SHA256

    f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9

  • SHA512

    530d3d059e64bec09188846d5826567a53fd89b0d3be55e58bea85fad24e38b21cf41ad120ad52a8654cf7420ab54587ac1981dda16aa212919e467e06d92ece

  • SSDEEP

    6144:+Wf1iZ+ciJWB5uJJsxfbJWB5uJJsxfYGdijZ:+WfkZGJWBYJJsxDJWBYJJsxw

Malware Config

Targets

    • Target

      f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9

    • Size

      788KB

    • MD5

      08fa2e5382b6cf931b3966efdd177a4f

    • SHA1

      28c8218b6ce35fcc53cc1526999a6f805be93c44

    • SHA256

      f8cb9362c376f20e746bbe242ea71c956ee250c30f22f7349c7afb10b2d18cf9

    • SHA512

      530d3d059e64bec09188846d5826567a53fd89b0d3be55e58bea85fad24e38b21cf41ad120ad52a8654cf7420ab54587ac1981dda16aa212919e467e06d92ece

    • SSDEEP

      6144:+Wf1iZ+ciJWB5uJJsxfbJWB5uJJsxfYGdijZ:+WfkZGJWBYJJsxDJWBYJJsxw

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks