General

  • Target

    e05abc270ff710323c1ec28af1bb345886b76b0d3f232f98b6ac433eb421e67d

  • Size

    1.6MB

  • Sample

    240526-kcsvhscd31

  • MD5

    56155fdc20975401cdb9d6fb65119c29

  • SHA1

    215289385d9c9ae8bc18e013a091ddb12a54fcb5

  • SHA256

    e05abc270ff710323c1ec28af1bb345886b76b0d3f232f98b6ac433eb421e67d

  • SHA512

    7cea54066a37ffec1e506a951bad3f24156efaedf2e6041109a1bd5cc719a9764c2759faf125b1ae0bf0937ccbb9a24c5a4a4390d4e9fa3054b63e4d21c04f6b

  • SSDEEP

    24576:vQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVC+VS1Dfun2q:vQZAdVyVT9n/Gg0P+Who/xDmn2q

Malware Config

Targets

    • Target

      e05abc270ff710323c1ec28af1bb345886b76b0d3f232f98b6ac433eb421e67d

    • Size

      1.6MB

    • MD5

      56155fdc20975401cdb9d6fb65119c29

    • SHA1

      215289385d9c9ae8bc18e013a091ddb12a54fcb5

    • SHA256

      e05abc270ff710323c1ec28af1bb345886b76b0d3f232f98b6ac433eb421e67d

    • SHA512

      7cea54066a37ffec1e506a951bad3f24156efaedf2e6041109a1bd5cc719a9764c2759faf125b1ae0bf0937ccbb9a24c5a4a4390d4e9fa3054b63e4d21c04f6b

    • SSDEEP

      24576:vQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVC+VS1Dfun2q:vQZAdVyVT9n/Gg0P+Who/xDmn2q

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks