General

  • Target

    f12f3c72a962ec7ff9339d417d6b7c3b75786396964ee29e9b07ff8affe1f798

  • Size

    5.1MB

  • Sample

    240625-v7dzystcna

  • MD5

    522500daa767d10e5d2e0aa43d1c2dc1

  • SHA1

    42aec654eab4e7cb5013caf24cd0e02e3e2fbc61

  • SHA256

    f12f3c72a962ec7ff9339d417d6b7c3b75786396964ee29e9b07ff8affe1f798

  • SHA512

    6fefec37e414d2614372fd93eb2557708f3627bcd4e3750ed6fbf3c0b4bd55c7acb4021612f630cf412d2b8f546fff2be6f775a9cbfc1c0b8e8f6258d6c02b39

  • SSDEEP

    49152:AQZAdVyVT9n/Gg0P+WhokWFuUn9cmCW1dhM8A1BWYqseqxo0Qwn+hRIzw8mznSdt:JGdVyVT9nOgmhrPmXA3WY2PsFB1qA

Malware Config

Targets

    • Target

      f12f3c72a962ec7ff9339d417d6b7c3b75786396964ee29e9b07ff8affe1f798

    • Size

      5.1MB

    • MD5

      522500daa767d10e5d2e0aa43d1c2dc1

    • SHA1

      42aec654eab4e7cb5013caf24cd0e02e3e2fbc61

    • SHA256

      f12f3c72a962ec7ff9339d417d6b7c3b75786396964ee29e9b07ff8affe1f798

    • SHA512

      6fefec37e414d2614372fd93eb2557708f3627bcd4e3750ed6fbf3c0b4bd55c7acb4021612f630cf412d2b8f546fff2be6f775a9cbfc1c0b8e8f6258d6c02b39

    • SSDEEP

      49152:AQZAdVyVT9n/Gg0P+WhokWFuUn9cmCW1dhM8A1BWYqseqxo0Qwn+hRIzw8mznSdt:JGdVyVT9nOgmhrPmXA3WY2PsFB1qA

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks