General

  • Target

    e6533d5fe79de07359909ba9095f1d29929f3fe314758fd9f26ffc370ee6cebe

  • Size

    8.4MB

  • Sample

    240526-jeyccacc56

  • MD5

    e3526c434c8ee3e34facd75380f21c71

  • SHA1

    6bf90e51aae8525c897cf8c98ef09aad235ed9e9

  • SHA256

    e6533d5fe79de07359909ba9095f1d29929f3fe314758fd9f26ffc370ee6cebe

  • SHA512

    34c03d6fe9a759391cfa659c48a2d569be5952d7805e33421ed83033c2509665babdfcff705e375d2a12cd8429491050db4d7eb9c75ff5ce33cd65b9c008f8ea

  • SSDEEP

    196608:nKXbeO7Et7QmmF+QylBTZbvFVX89XVZUT7upkB:U7Et7tKyn3V8BVZw7upkB
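Before acting on a sandbox verdict, confirm that the file you hold is the one the report hashed. The following Python is an added example, not part of the report: it carries the report's MD5/SHA1/SHA256/SHA512 values as the reference set, sanity-checks them for transcription errors, and compares a file (or in-memory bytes) against them in a single streaming pass. The byte strings used in the demo are constructed and will not match the report; `hash_file` is a helper name chosen here.

```python
"""Added example (not from the sandbox report): verify a sample against the
report's hashes before trusting the verdict.  Reference values are copied
from the report; demo inputs are constructed and will not match them."""
import hashlib

# Hashes as listed in the report above.
REPORT_HASHES = {
    "md5": "e3526c434c8ee3e34facd75380f21c71",
    "sha1": "6bf90e51aae8525c897cf8c98ef09aad235ed9e9",
    "sha256": "e6533d5fe79de07359909ba9095f1d29929f3fe314758fd9f26ffc370ee6cebe",
    "sha512": "34c03d6fe9a759391cfa659c48a2d569be5952d7805e33421ed83033c2509665"
              "babdfcff705e375d2a12cd8429491050db4d7eb9c75ff5ce33cd65b9c008f8ea",
}
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_reference(hashes: dict) -> dict:
    """Return the entries that cannot be real digests (wrong length or
    non-hex characters); an empty dict means the reference set is sane."""
    bad = {}
    for algo, hx in hashes.items():
        hx_l = hx.strip().lower()
        if len(hx_l) != EXPECTED_HEX_LEN[algo] or any(
            c not in "0123456789abcdef" for c in hx_l
        ):
            bad[algo] = hx
    return bad


def digest_chunks(chunks, algos=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Feed every chunk to all requested digests in one pass, so an 8.4 MB
    sample is read once rather than once per algorithm."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file from disk in 1 MiB chunks (helper name is ours)."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                buf = f.read(chunk_size)
                if not buf:
                    return
                yield buf
    return digest_chunks(chunks())


def compare(data: bytes, reference: dict) -> dict:
    """Map each algorithm in `reference` to True/False for `data`.
    Comparison is case-insensitive because reports differ in hex case."""
    computed = digest_chunks([data], algos=tuple(reference))
    return {a: computed[a] == reference[a].strip().lower() for a in reference}


def matches_report(data: bytes) -> bool:
    """True only when every hash in the report agrees with the data."""
    return all(compare(data, REPORT_HASHES).values())


if __name__ == "__main__":
    print("reference problems:", validate_reference(REPORT_HASHES) or "none")
    # Constructed stand-in for the sample; a real run would use hash_file(path).
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

A partial match (say MD5 agrees but SHA256 does not) is worth treating as a transcription error in the report rather than a collision; rerun the comparison against the original report page before discarding the sample.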

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Signature match for the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access trojan (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops file in System32 directory
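The behaviours in the list above (a service's ImagePath or Parameters\ServiceDll being set in the registry, a file dropped under the drivers directory, and a UPX-packed binary) are the ones a responder would want to check on a suspect host. The Python below is an added example, not the sandbox's own logic: it flags service-path registry writes from a simplified key=value rendering of Sysmon Event ID 13 (RegistryEvent, value set) lines, and reads the section table of a PE file to spot UPX's default section names. The event lines, the service names (`MsFox`, `WinHelp`), paths and the toy PE builder are all constructed here; the event format is an assumption, not Sysmon's real XML.

```python
"""Added example (not from the sandbox report): host-side checks for the
behaviours listed above.  Sample events and the toy PE are constructed;
the key=value event layout is an assumption modelled on Sysmon Event ID 13."""
import re
import struct

# Constructed Sysmon-style registry "value set" events (not real telemetry).
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Windows\System32\services.exe "
    r"TargetObject=HKLM\System\CurrentControlSet\Services\Spooler\ImagePath "
    r"Details=C:\Windows\System32\spoolsv.exe",
    r"EventID=13 Image=C:\Users\Public\update.exe "
    r"TargetObject=HKLM\System\CurrentControlSet\Services\MsFox\ImagePath "
    r"Details=C:\Windows\System32\drivers\MsFox.sys",
    r"EventID=13 Image=C:\Users\Public\update.exe "
    r"TargetObject=HKLM\System\CurrentControlSet\Services\WinHelp\Parameters\ServiceDll "
    r"Details=C:\ProgramData\svc\helper.dll",
    r"EventID=12 Image=C:\Windows\regedit.exe TargetObject=HKLM\Software\Foo Details=",
]

# ImagePath or Parameters\ServiceDll under the Services key; Details has no
# spaces in these constructed lines, so \S* is enough here.
_SERVICE_VALUE = re.compile(
    r"TargetObject=HKLM\\System\\CurrentControlSet\\Services\\(?P<svc>[^\\\s]+)"
    r"(?P<value>\\Parameters\\ServiceDll|\\ImagePath)\s+Details=(?P<path>\S*)",
    re.IGNORECASE,
)
# The Service Control Manager is the expected writer of these values.
_TRUSTED_WRITER = re.compile(r"^C:\\Windows\\System32\\services\.exe$", re.IGNORECASE)


def suspicious_service_registry_events(lines) -> list:
    """Return one dict per ImagePath/ServiceDll write that was made by a
    process other than services.exe or points outside %SystemRoot%."""
    hits = []
    for line in lines:
        if not re.search(r"\bEventID=13\b", line):
            continue
        m = _SERVICE_VALUE.search(line)
        if not m:
            continue
        img = re.search(r"Image=(\S+)", line)
        image = img.group(1) if img else ""
        path = m.group("path")
        reasons = []
        if not _TRUSTED_WRITER.match(image):
            reasons.append("written by %s, not the Service Control Manager" % image)
        if not path.lower().startswith("c:\\windows\\"):
            reasons.append("points outside %SystemRoot%")
        if not reasons:
            continue
        if "\\drivers\\" in path.lower():
            reasons.append("target is in the drivers directory")
        hits.append({"service": m.group("svc"), "value": m.group("value").lstrip("\\"),
                     "path": path, "image": image, "reasons": reasons})
    return hits


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the 8-byte section names.  Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section headers, 40 bytes each
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Default UPX builds name their sections UPX0/UPX1/UPX2."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_toy_pe(section_names) -> bytes:
    """Constructed minimal PE header (no optional header, no code) used only
    to exercise the parser above."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + secs


if __name__ == "__main__":
    for hit in suspicious_service_registry_events(SAMPLE_EVENTS):
        print(hit)
    print("UPX sections:", looks_upx_packed(build_toy_pe(["UPX0", "UPX1", ".rsrc"])))
```

The section-name check only catches stock UPX; the "modified UPX" half of the signature above refers to builds that rename sections, which this check misses and which need an entropy or unpacker-stub check instead. Likewise, a driver path under System32\drivers written by services.exe is normal; it is the untrusted writer or the path outside %SystemRoot% that makes the event worth a look.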

MITRE ATT&CK Enterprise v15