General

  • Target

    0644ab992718d047ad1ffdb92ff910ff56af34d34e22cdf65f6dfea25886a330

  • Size

    5.4MB

  • Sample

    240526-l3lpkafc24

  • MD5

    9933cc4278121a82ebe1cd2a61773937

  • SHA1

    a9617e43ce9a6a025e9e9462a75d479451129805

  • SHA256

    0644ab992718d047ad1ffdb92ff910ff56af34d34e22cdf65f6dfea25886a330

  • SHA512

    9deab54b44bcb297e74507c77deeaf33baea6855b53df42a33cc5ea77eb14067a396cb6bbb625e6ead884edf120873e1b09f43ebc6a20aa34bbdc3b895809375

  • SSDEEP

    98304:Qws2ANnKXOaeOgmhOUDmn2g3K46FKDKMPMnHRcQqYZR:GKXbeO7AcmnZ3lXOFOYZR

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks