General

  • Target

    f1496ba5b1d2ab715808da6aa37fb2a2e1be1a3e85825e27f29910f302eb9cc6

  • Size

    1.9MB

  • Sample

    240322-l19nlsda81

  • MD5

    6e9278f99a64cf55a13e6e80573b2565

  • SHA1

    30c61f0eb9b720caf7a936a004b704e7050d158d

  • SHA256

    f1496ba5b1d2ab715808da6aa37fb2a2e1be1a3e85825e27f29910f302eb9cc6

  • SHA512

    eeb2a0e6dab0f35a96156a3ddfdc0786c7f1049b5c5dc7b669aa8e82223cb5c1f85e620ad7d08023889fd1dcbc217bcc8c35e11ff8fa1010f183c145c0039675

  • SSDEEP

    24576:U8fZOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHAw+qYBV93QjfchmEO:LOWFJbtSMXoTLq73xK9+qYBDQjfchm1

Malware Config

Targets

    • Target

      f1496ba5b1d2ab715808da6aa37fb2a2e1be1a3e85825e27f29910f302eb9cc6

    • Size

      1.9MB

    • MD5

      6e9278f99a64cf55a13e6e80573b2565

    • SHA1

      30c61f0eb9b720caf7a936a004b704e7050d158d

    • SHA256

      f1496ba5b1d2ab715808da6aa37fb2a2e1be1a3e85825e27f29910f302eb9cc6

    • SHA512

      eeb2a0e6dab0f35a96156a3ddfdc0786c7f1049b5c5dc7b669aa8e82223cb5c1f85e620ad7d08023889fd1dcbc217bcc8c35e11ff8fa1010f183c145c0039675

    • SSDEEP

      24576:U8fZOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHAw+qYBV93QjfchmEO:LOWFJbtSMXoTLq73xK9+qYBDQjfchm1

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks