Overview

overview

10

Static

static

3

8fc82ac022...d4.exe

windows7-x64

10

8fc82ac022...d4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fc82ac0223d2a839376deaddefa96e715708157ba483121601119d23790eed4

  • Size

    4.8MB

  • Sample

    240526-ja57dsbc7t

  • MD5

    b13109c0a0e825cd0e79c60291709522

  • SHA1

    8836c4d20644d26f5a5f3028969fcc26bc3d686f

  • SHA256

    8fc82ac0223d2a839376deaddefa96e715708157ba483121601119d23790eed4

  • SHA512

    aabf21c7d4cf58285016dc89afe1e2b0834ad7b7841b17ae26c44d74fbefb8c89aadc414d382ce4578a680f6be856db1bd6cd6b511229e820503cbdc10d45eec

  • SSDEEP

    98304:KGdVyVT9nOgmhM5dyWRudqIqf7UbXsPN5kiQaZ56:5WT9nO7Iol7S7z5VP6

Score
10/10
gh0stratpurplefoxpersistenceratrootkittrojanupx

Malware Config

Targets

    • Target

      8fc82ac0223d2a839376deaddefa96e715708157ba483121601119d23790eed4

    • Size

      4.8MB

    • MD5

      b13109c0a0e825cd0e79c60291709522

    • SHA1

      8836c4d20644d26f5a5f3028969fcc26bc3d686f

    • SHA256

      8fc82ac0223d2a839376deaddefa96e715708157ba483121601119d23790eed4

    • SHA512

      aabf21c7d4cf58285016dc89afe1e2b0834ad7b7841b17ae26c44d74fbefb8c89aadc414d382ce4578a680f6be856db1bd6cd6b511229e820503cbdc10d45eec

    • SSDEEP

      98304:KGdVyVT9nOgmhM5dyWRudqIqf7UbXsPN5kiQaZ56:5WT9nO7Iol7S7z5VP6

    Score
    10/10
    gh0stratpurplefoxpersistenceratrootkittrojanupx

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

      persistence

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks