General

  • Target

    c8aea40f2990b155666daeb16ada3177f71980f3daa774a84489af063b8925a4

  • Size

    13.2MB

  • Sample

    240525-veclesba8t

  • MD5

    ade089384bd7b48bc93bbcdb574c204c

  • SHA1

    b2d3ea31bfd3fd2266145c66a169b329f168bfe2

  • SHA256

    c8aea40f2990b155666daeb16ada3177f71980f3daa774a84489af063b8925a4

  • SHA512

    007fe132bef5d30b13005c4f898bb143a4eed4f9d4c56035c4aae198f2eff16ed23ac2da436f52b01a66572869a6f12fe553f5a26166376b42e9ec903959e0f5

  • SSDEEP

    98304:pws2ANnKXOaeOgmhNocmlkl2Nap8pwWUbRFCpFCslCJ++A:bKXbeO7nXrRFCpFCslCJdA

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks