General

  • Target

    2600e88518ee20f7f6bf423d3d3aca3a5b610278f1290c581a4e7b2778f2a7f8

  • Size

    11.8MB

  • Sample

    240625-v67wmstcmc

  • MD5

    3ae92c2cca7bfbe838205e57d65a5cc4

  • SHA1

    36ac97d293b414f8189b8606d7171c414d1f877b

  • SHA256

    2600e88518ee20f7f6bf423d3d3aca3a5b610278f1290c581a4e7b2778f2a7f8

  • SHA512

    29b4b8632310d5d9b24cffce6f1037947cd4dde439ba9425a34fdf1be747239dc90ccabf3237c3076fc64c9c123e9634ae33ada79b79e1ebd8eab17242d0c084

  • SSDEEP

    196608:6WT9nO7NyaQJCF02NnFp35XBdvLIf/qa5zYZ1e+DE+qprGyMVmrPCoZwNpxN+648:a7NyaQJZCFRdvL450ve+DQpykLHmpx4w

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15