General

  • Target

    e5cbd45b332e7bffd4dda46c55b81845f7169d654bfa48390034f86d77b78d1f

  • Size

    6.2MB

  • Sample

    240526-m6pfasga41

  • MD5

    c595e53ad90b8a8dd0202298c8e88ef6

  • SHA1

    7be837f48901704f1bf16d1bda55d7e7857039d1

  • SHA256

    e5cbd45b332e7bffd4dda46c55b81845f7169d654bfa48390034f86d77b78d1f

  • SHA512

    038397706557288aafc65e06f78bfae6701ce8b14c794d334a146678afbe446b50ea1af4f083c90b7bd1d839054f158aa56cc5c7ba85d24089717a937a903070

  • SSDEEP

    98304:aws2ANnKXOaeOgmh0xBxlKnbxBxlPMMMMMMMMLMMMMMMMMMMmOxBxliZxBxlpAxV:wKXbeO7yxluxlrxlWxlpAxbTXWMjR

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks