General

  • Target

    d1dcf419f7518e069085a5371a3a0a8ea52de343267b7e957a3b1246244134d6

  • Size

    1.3MB

  • Sample

    240318-gpdpksaf9t

  • MD5

    9d1210c8117321ed57bafe207a1d4049

  • SHA1

    2ce8a587104de02539cffa4c3783a0eb64ed49b6

  • SHA256

    d1dcf419f7518e069085a5371a3a0a8ea52de343267b7e957a3b1246244134d6

  • SHA512

    1227869cbca9a4d0b28cf0347772c6cfe29b81aaeaf3351b26ae90d936f352a7e4403bdf7906d2f30cb15e5e69ba6afd17a55259dae393751027ffc7027ccd58

  • SSDEEP

    24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN7:QHPkVOBTK

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Signature match for the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
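The behavioural signatures above (driver and System32 drops, service ImagePath set in the registry, dropped EXE executed, dropped DLL loaded, self-deletion) are what a sandbox derives from its event trace. The following is an added example, not the report's or any sandbox's own rule engine: it re-derives those six signatures from a constructed `key=value` event trace whose format, process IDs and file paths are all hypothetical. It also covers the common case where self-deletion is delegated to a child process (for example `cmd /c del`), which a naive "same pid deletes its own image" check would miss.

```python
"""Re-derive the report's behavioural signatures from a sandbox event trace.

Added example with a constructed trace format: each line is an event kind
followed by key=value fields (no spaces inside values). Not the sandbox's
own rule language.
"""

# Constructed sample trace (hypothetical paths and pids); no real artefacts.
SAMPLE_TRACE = r"""
process_start pid=100 image=C:\Users\victim\sample.exe
file_write pid=100 path=C:\Windows\System32\drivers\helper.sys
file_write pid=100 path=C:\Windows\System32\svchelp.dll
file_write pid=100 path=C:\Users\victim\AppData\Local\Temp\stage2.exe
reg_set pid=100 key=HKLM\SYSTEM\CurrentControlSet\Services\helper\ImagePath value=\??\C:\Windows\System32\drivers\helper.sys
process_start pid=200 parent=100 image=C:\Users\victim\AppData\Local\Temp\stage2.exe
image_load pid=200 path=C:\Windows\System32\svchelp.dll
process_start pid=300 parent=100 image=C:\Windows\System32\cmd.exe
file_delete pid=300 path=C:\Users\victim\sample.exe
"""

# The six behavioural signatures listed in the report.
REPORT_SIGNATURES = {
    "Drops file in Drivers directory",
    "Sets service image path in registry",
    "Deletes itself",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Drops file in System32 directory",
}

SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"


def parse_trace(text):
    """Turn the constructed trace format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, *fields = line.split()
        event = {"kind": kind}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def signatures(events):
    """Return the set of report signatures triggered by an event list."""
    hits = set()
    dropped = set()   # lower-cased paths written by any process in the trace
    images = {}       # pid -> lower-cased image path
    parents = {}      # pid -> parent pid (if recorded)
    for ev in events:
        kind = ev["kind"]
        if kind == "process_start":
            image = ev["image"].lower()
            images[ev["pid"]] = image
            parents[ev["pid"]] = ev.get("parent")
            if image in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if "\\system32\\drivers\\" in path:
                hits.add("Drops file in Drivers directory")
            if "\\system32\\" in path:   # a driver drop also counts as a System32 drop
                hits.add("Drops file in System32 directory")
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "reg_set":
            key = ev["key"].lower()
            if key.startswith(SERVICES_KEY) and key.endswith("\\imagepath"):
                hits.add("Sets service image path in registry")
        elif kind == "file_delete":
            path = ev["path"].lower()
            pid = ev["pid"]
            # Self-deletion is often delegated to a child (cmd /c del ...), so
            # accept a delete of the deleter's own image or of its parent's image.
            if path in (images.get(pid), images.get(parents.get(pid))):
                hits.add("Deletes itself")
    return hits


def missing_signatures(events):
    """Report signatures from the page that the trace does NOT reproduce."""
    return REPORT_SIGNATURES - signatures(events)


if __name__ == "__main__":
    found = signatures(parse_trace(SAMPLE_TRACE))
    for name in sorted(found):
        print("hit:", name)
    print("missing:", sorted(missing_signatures(parse_trace(SAMPLE_TRACE))))
```

The order of events matters: "Executes dropped EXE" and "Loads dropped DLL" only fire when the write precedes the execution or load, so a trace that is not chronologically ordered must be sorted on its timestamp before being fed to `signatures()`.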

MITRE ATT&CK Enterprise v15

Tasks