General

  • Target

    e723eb577760118bddef48a3475ce4376a8678f618e9dc94c0555d81d8499a55

  • Size

    2.7MB

  • Sample

    240526-kx3v8adg92

  • MD5

    7e58bdae995d36d63b54cfcf5daeadca

  • SHA1

    a36a55b2ec5a7430beb151b5f5c525c45952bf25

  • SHA256

    e723eb577760118bddef48a3475ce4376a8678f618e9dc94c0555d81d8499a55

  • SHA512

    b90e1dc07f3de15efb295032f416aff1848ed76d91025b76751ca0753c0416416a9981ca1dd2777fedead26d65bc5eb16b7da3c7f8a50e8172bafeb97900e517

  • SSDEEP

    49152:QCwsbCANnKXferL7Vwe/Gg0P+WhBwA63ToYm+yrk:7ws2ANnKXOaeOgmhBwA63ToYm+yrk

Malware Config

Targets

    • Target

      e723eb577760118bddef48a3475ce4376a8678f618e9dc94c0555d81d8499a55

    • Size

      2.7MB

    • MD5

      7e58bdae995d36d63b54cfcf5daeadca

    • SHA1

      a36a55b2ec5a7430beb151b5f5c525c45952bf25

    • SHA256

      e723eb577760118bddef48a3475ce4376a8678f618e9dc94c0555d81d8499a55

    • SHA512

      b90e1dc07f3de15efb295032f416aff1848ed76d91025b76751ca0753c0416416a9981ca1dd2777fedead26d65bc5eb16b7da3c7f8a50e8172bafeb97900e517

    • SSDEEP

      49152:QCwsbCANnKXferL7Vwe/Gg0P+WhBwA63ToYm+yrk:7ws2ANnKXOaeOgmhBwA63ToYm+yrk

    • Detect PurpleFox Rootkit

      Signature match for the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory
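The behaviour signatures above (file drops under System32 and System32\drivers, a service ImagePath or ServiceDll value written to the registry, and execution or loading of the dropped file) can be turned into host-side detection logic. The following is an added example, not part of the sandbox report and not code from the sandbox vendor: it feeds Sysmon-style event records (Event ID 11 FileCreate, 13 RegistryEvent value set, 1 ProcessCreate, 7 ImageLoad, using Sysmon's own field names) through a small detector that tracks which files a run dropped and then flags service registry values, process launches and module loads that point back at them. The event records, file names and service names are constructed for illustration and are not taken from the report.

```python
"""Added example: map the report's behaviour signatures onto Sysmon-style events.

Assumptions (not from the report): events are dicts with Sysmon field names
(EventID, Image, TargetFilename, TargetObject, Details, ImageLoaded); the file
and service names in SAMPLE_EVENTS are hypothetical, constructed for this demo.
"""
import re
from dataclasses import dataclass, field

# HKLM\SYSTEM\<ControlSet>\Services\<svc>\ImagePath  or  ...\<svc>\Parameters\ServiceDll
SERVICE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\"
    r"(?P<svc>[^\\]+)\\(?P<value>ImagePath|Parameters\\ServiceDll)$",
    re.IGNORECASE,
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"


def extract_path(details: str) -> str:
    """Normalise a service registry value to a lower-case file path.

    Handles quoted paths with arguments, the NT "\\??\\" prefix that kernel
    drivers commonly use, and the unexpanded %SystemRoot% of REG_EXPAND_SZ data.
    """
    d = details.strip()
    if d.startswith('"'):
        d = d[1:].split('"', 1)[0]          # "C:\path with spaces\x.exe" args
    else:
        d = d.split(" ", 1)[0]              # C:\path\x.exe args
    if d.startswith("\\??\\"):
        d = d[4:]
    d = re.sub(r"%systemroot%", lambda _m: "C:\\Windows", d, flags=re.IGNORECASE)
    return d.lower()


@dataclass
class Finding:
    rule: str
    event_id: int
    detail: str


@dataclass
class DropDetector:
    dropped: set = field(default_factory=set)      # lower-cased paths written this run
    findings: list = field(default_factory=list)

    def _note(self, rule: str, event: dict, detail: str) -> None:
        self.findings.append(Finding(rule, event["EventID"], detail))

    def feed(self, event: dict) -> None:
        eid = event["EventID"]
        if eid == 11:                                   # FileCreate
            path = event["TargetFilename"].lower()
            self.dropped.add(path)
            if path.startswith(DRIVERS_DIR):
                self._note("Drops file in Drivers directory", event, path)
            elif path.startswith(SYSTEM32_DIR):
                self._note("Drops file in System32 directory", event, path)
        elif eid == 13:                                 # RegistryEvent (value set)
            m = SERVICE_KEY_RE.match(event["TargetObject"])
            if not m:
                return
            target = extract_path(event["Details"])
            rule = ("Sets service image path in registry"
                    if m.group("value").lower() == "imagepath"
                    else "Sets DLL path for service in the registry")
            tag = " (points at dropped file)" if target in self.dropped else ""
            self._note(rule, event, f"{m.group('svc')} -> {target}{tag}")
        elif eid == 1 and event["Image"].lower() in self.dropped:      # ProcessCreate
            self._note("Executes dropped EXE", event, event["Image"].lower())
        elif eid == 7 and event["ImageLoaded"].lower() in self.dropped:  # ImageLoad
            self._note("Loads dropped DLL", event, event["ImageLoaded"].lower())


def run(events) -> list:
    det = DropDetector()
    for ev in events:
        det.feed(ev)
    return det.findings


# Constructed sample events (hypothetical names; not taken from the report).
DROPPER = "C:\\Users\\victim\\dropper.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": "C:\\Windows\\System32\\drivers\\dump_ex.sys"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": "C:\\Windows\\System32\\svchost_helper.dll"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleDrv\\ImagePath",
     "Details": "\\??\\C:\\Windows\\System32\\drivers\\dump_ex.sys"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\Parameters\\ServiceDll",
     "Details": "%SystemRoot%\\System32\\svchost_helper.dll"},
    {"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\System32\\svchost_helper.dll"},
    {"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe"},              # benign: not dropped
    {"EventID": 13, "Image": DROPPER, "TargetObject": "HKCU\\Software\\Example\\Setting",
     "Details": "1"},                                                         # benign: not a service key
]

if __name__ == "__main__":
    for f in run(SAMPLE_EVENTS):
        print(f"[{f.event_id:>2}] {f.rule}: {f.detail}")
```

The detector is deliberately stateful: a service ImagePath write is routine during software installs, so the signal the report's behaviour list describes is the combination of a file dropped during the run and a service value that points at it, which is why the registry rules annotate a finding with "(points at dropped file)" only when both have been seen. Case-folding paths and expanding %SystemRoot% matters because the same file is referenced three ways across the events.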

MITRE ATT&CK Enterprise v15

Tasks