General

  • Target

    29e76bb9c63ebec9fc4bb9935350f76ec034f2cbef9ad9efbef40d6d3f071906

  • Size

    596KB

  • Sample

    240317-xbw7rsdd4y

  • MD5

    43f2a22772d694a2f8c7819a95e34eea

  • SHA1

    936b0ffbdf921e429b8ac8a05be53b9d2858a821

  • SHA256

    29e76bb9c63ebec9fc4bb9935350f76ec034f2cbef9ad9efbef40d6d3f071906

  • SHA512

    77d2656c81262d9e9c9224b9b707770b463ca241458b53f451a1d4acf3f5412ca052db48b6097afcf24236a6adb1666975a42a59dc06e879205c37190f470f82

  • SSDEEP

    12288:kzDrge07BYeVH0ppECUoKyJwivp23JfZ6cz2RrJlnJIkJ6zXTI:kzDz0CS8405gxZ52RrJzI86zXs

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
