Overview

overview

10

Static

static

3

y.exe

windows7-x64

10

y.exe

windows10-1703-x64

10

y.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    y.exe

  • Size

    516KB

  • Sample

    231101-ej8xescb35

  • MD5

    672c56bcaeedb4f630cda204ed5ef32d

  • SHA1

    df8868926293efb2e13339a020a0eefee128d9d7

  • SHA256

    448a9d8451178d090723b249ba1b3514539b14bfb14a7b2141dd492f296d1f53

  • SHA512

    38f69f8199a664edb278aeb63d33a50d19fa843e1331ba3870f3038cd2620cd41979c02287dfe154031c1d5ea32be70d9f775ae2e2f8c4f8e7fbef36154b21a4

  • SSDEEP

    6144:J0aJ41z7pmJyseEgKgPObyIozhRjcerTn:J0aqz79QmI4T

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Targets

    • Target

      y.exe

    • Size

      516KB

    • MD5

      672c56bcaeedb4f630cda204ed5ef32d

    • SHA1

      df8868926293efb2e13339a020a0eefee128d9d7

    • SHA256

      448a9d8451178d090723b249ba1b3514539b14bfb14a7b2141dd492f296d1f53

    • SHA512

      38f69f8199a664edb278aeb63d33a50d19fa843e1331ba3870f3038cd2620cd41979c02287dfe154031c1d5ea32be70d9f775ae2e2f8c4f8e7fbef36154b21a4

    • SSDEEP

      6144:J0aJ41z7pmJyseEgKgPObyIozhRjcerTn:J0aqz79QmI4T

    Score
    10/10
    gh0stratpurplefoxratrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks