General

  • Target

    e0656c0aff7cc24c97ed394faaf2232d310e0b8d36f75f2fadc32ee6cd5e3bce

  • Size

    491KB

  • Sample

    230901-c2fmgsbg41

  • MD5

    b7c2694daef1e7dc2f11b7363e08bb92

  • SHA1

    684b4aa3fbaebac85c26c0d73584e71f34f82af7

  • SHA256

    e0656c0aff7cc24c97ed394faaf2232d310e0b8d36f75f2fadc32ee6cd5e3bce

  • SHA512

    228a0b75ae6a6f03c3750d42b8bf5a464f213079ca837df7a69c26ceb8fe19ccc596f77f2d9fde7d0da7eeacfacef27be01b65d41b96675a8e5d2981c606d9f8

  • SSDEEP

    6144:L7i5rroiCFAhVfJSdwuWv2g276LeiEy9fBoYuzZBkIi++W327avaLRL6lZv:q5voiC2hVfJcwuejlplBoYulBMW3Qwv

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families; it was first seen in 2018.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
