General

  • Target

    2379afda6b5a85a95d55b2351fbca009719c1cac7e538005ea22274827be43b1

  • Size

    5.6MB

  • Sample

    240625-v3j1eatapf

  • MD5

    bc412a81579535be0744c141800c2971

  • SHA1

    481c572cd05f5e3ce8f7b3407bc441d1934bd1b4

  • SHA256

    2379afda6b5a85a95d55b2351fbca009719c1cac7e538005ea22274827be43b1

  • SHA512

    f929e579bbb2a1ed514af2ee3ab28b4fd078e8d1fa0cfd8cddccae590bd458878e14d64314e1bd0342466edfeee97b4daac704950bd5b986b21e54a3c540012b

  • SSDEEP

    98304:UGdVyVT9nOgmhufGJDmn23B+fXQWK4GQlW8ae7czp4iQcIlC8N2kmfO/l6GquQbm:rWT9nO7WGFmniBgzlWaHcIlC8+z/m

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks