General

  • Target

    5b5729c4853b5ccb526489737c4d69f392a2f3c017a3da519524a262e4d65d3b

  • Size

    1.3MB

  • Sample

    240603-pyyecagc44

  • MD5

    71070ea58caf6eeee1083606cae4eca5

  • SHA1

    04f720be3dad0c1b3a2a0cbef5af4c6aa4dbf6bb

  • SHA256

    5b5729c4853b5ccb526489737c4d69f392a2f3c017a3da519524a262e4d65d3b

  • SHA512

    414a023925e2d58aaa0d6065b4e6d1a502f92182fe5c9fa189b915ecf836b882290b55d0dc196f6dd4cf17becbfeedc3dc971bc5fbf0c7ff7d9e2d449e8ed8cd

  • SSDEEP

    24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNt:QHPkVOBTK

Targets

    • Target

      5b5729c4853b5ccb526489737c4d69f392a2f3c017a3da519524a262e4d65d3b

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families; it was first seen in 2018.
