General

  • Target

    66578f57ee9a8a5d2dd0d47e58e00feb760ab6067f72e5b658c3d96fb4429df0

  • Size

    1.6MB

  • Sample

    240625-wbvs9swfqq

  • MD5

    3d2b2bccc702030d606808a1fc1db22b

  • SHA1

    227561ff71639bab8cf5d176296066b0ea3b5878

  • SHA256

    66578f57ee9a8a5d2dd0d47e58e00feb760ab6067f72e5b658c3d96fb4429df0

  • SHA512

    3229a00f4fc43dfa68de567a7f6ee393cd7e05962c1e9580875ba800b2e2b110286bd8065b4122f6ea50b76c95630f7fcaf2428254f14e2461cfe2a9a0747678

  • SSDEEP

    24576:PQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVHWyQR1Dfun2P:PQZAdVyVT9n/Gg0P+WhoBDmn2P
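To check a suspicious file against the digests listed above, the following added script (not part of the report) computes MD5, SHA-1, SHA-256 and SHA-512 in a single pass over the file and requires the algorithms to agree with each other: a file that matches one published digest but not another points to a transcription error in the IOC list (or, in principle, a collision) rather than a true match, and is reported as inconsistent instead of as a hit. The IOC values are copied from this report; the bytes hashed in the usage at the bottom are constructed for illustration.

```python
"""Verify a file against the digests published in this report.
Added example; the IOC values are copied from the report, the sample bytes
in the usage are constructed."""
import hashlib
import io
import sys

# Digests of the 1.6MB sample as listed in the report.
REPORT_IOCS = {
    "md5": "3d2b2bccc702030d606808a1fc1db22b",
    "sha1": "227561ff71639bab8cf5d176296066b0ea3b5878",
    "sha256": "66578f57ee9a8a5d2dd0d47e58e00feb760ab6067f72e5b658c3d96fb4429df0",
    "sha512": "3229a00f4fc43dfa68de567a7f6ee393cd7e05962c1e9580875ba800b2e2b110"
              "286bd8065b4122f6ea50b76c95630f7fcaf2428254f14e2461cfe2a9a0747678",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in one pass so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes):
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the set of algorithms whose digest equals the published value."""
    return {name for name, value in iocs.items()
            if name in digests and digests[name] == value.lower()}


def verdict(digests, iocs=REPORT_IOCS):
    """'match' only when every published digest agrees; a partial match means
    the IOC list and the file disagree and must be investigated, not trusted."""
    hits = match_iocs(digests, iocs)
    if not hits:
        return "no match"
    if hits == set(iocs):
        return "match"
    return "inconsistent"


if __name__ == "__main__":
    # Usage: python verify_iocs.py <file>; falls back to constructed bytes.
    digests = digest_file(sys.argv[1]) if len(sys.argv) > 1 else digest_bytes(b"constructed")
    for name, value in digests.items():
        print(f"{name:7s} {value}")
    print("verdict:", verdict(digests))
```

Run it with the path of the file in question as the only argument; anything other than "match" means the file is not the sample this report describes.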

Malware Config

Targets

    • Target

      66578f57ee9a8a5d2dd0d47e58e00feb760ab6067f72e5b658c3d96fb4429df0

    • Detect PurpleFox Rootkit

      Signature match for the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access trojan whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory
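Four of the behaviours above (files dropped into System32 and System32\drivers, a service ImagePath set in the registry, and a changed Terminal Services ServiceDll) can be caught and correlated from endpoint telemetry. The following added detection logic is not part of the report and is not telemetry from this sample: it runs over constructed events in the shape of Sysmon Event ID 11 (FileCreate) and Event ID 13 (RegistryEvent, value set), with hypothetical process and file names. It links registry writes back to files created earlier in the same trace, so a new service or driver whose image is a file the trace just saw dropped is flagged even when the registry write itself comes from services.exe, and it flags any TermService ServiceDll that is not the Windows default termsrv.dll (ATT&CK T1505.005). Treating "process lives under System32" as benign is a deliberately crude allowlist; a deployed rule would key on signer and parent process instead.

```python
"""Correlate file drops with service/ServiceDll registry writes.
Added example over constructed Sysmon-style events; not from the sample."""
import re
from dataclasses import dataclass

SYSTEM32 = r"c:\windows\system32"
DRIVERS = SYSTEM32 + r"\drivers"
TERMSRV_DLL = SYSTEM32 + r"\termsrv.dll"   # Windows default ServiceDll for TermService
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SERVICES_KEY = re.compile(
    r"^hklm\\system\\(?:currentcontrolset|controlset\d{3})\\services\\([^\\]+)\\(.+)$")

# Constructed events (hypothetical names), oldest first.
EVENTS = [
    {"id": 11, "image": r"C:\Users\victim\AppData\Local\Temp\installer.exe",
     "target": r"C:\Windows\System32\drivers\dropped.sys"},
    {"id": 11, "image": r"C:\Users\victim\AppData\Local\Temp\installer.exe",
     "target": r"C:\Windows\System32\dropped.dll"},
    # The SCM writes ImagePath on behalf of the caller, so the image is services.exe.
    {"id": 13, "image": r"C:\Windows\System32\services.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\BadDrv\ImagePath",
     "details": r"\SystemRoot\System32\drivers\dropped.sys"},
    {"id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\installer.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "details": r"C:\Windows\System32\dropped.dll"},
    # Benign noise: default ServiceDll rewritten, vendor service under Program Files.
    {"id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "details": r"%SystemRoot%\System32\termsrv.dll"},
    {"id": 13, "image": r"C:\Windows\System32\services.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\GoodSvc\ImagePath",
     "details": r"C:\Program Files\Vendor\svc.exe"},
]


def normalize(path: str) -> str:
    """Lower-case a path and expand the NT-style prefixes common in ImagePath
    values so that different spellings of the same file compare equal."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    for prefix in ("\\systemroot\\", "%systemroot%\\"):
        if p.startswith(prefix):
            p = "c:\\windows\\" + p[len(prefix):]
    if p.startswith("system32\\"):        # drivers are often registered relative to %SystemRoot%
        p = "c:\\windows\\" + p
    if ".exe" in p:                        # drop service arguments such as "-k netsvcs"
        p = p.split(".exe", 1)[0] + ".exe"
    return p


@dataclass
class Finding:
    rule: str
    process: str
    detail: str


def detect(events):
    findings = []
    dropped = set()                        # System32 files created earlier in this trace
    for ev in events:
        img = normalize(ev["image"])
        foreign = not img.startswith(SYSTEM32 + "\\")   # crude allowlist, see lead-in
        if ev["id"] == 11:
            tgt = normalize(ev["target"])
            if tgt.startswith(DRIVERS + "\\") and foreign:
                dropped.add(tgt)
                findings.append(Finding("Drops file in Drivers directory", img, tgt))
            elif tgt.startswith(SYSTEM32 + "\\") and foreign:
                dropped.add(tgt)
                findings.append(Finding("Drops file in System32 directory", img, tgt))
        elif ev["id"] == 13:
            m = SERVICES_KEY.match(ev["target"].lower())
            if not m:
                continue
            service, value = m.group(1), m.group(2)
            data = normalize(ev["details"])
            if value == "imagepath" and (data in dropped or data.startswith(USER_WRITABLE)):
                findings.append(Finding("Sets service image path in registry", img,
                                        f"{service} -> {data}"))
            elif service == "termservice" and value == "parameters\\servicedll" \
                    and data != TERMSRV_DLL:
                findings.append(Finding("Server Software Component: Terminal Services DLL",
                                        img, data))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"[{f.rule}] {f.process}: {f.detail}")
```

On the constructed trace this yields four findings (the two drops, the BadDrv ImagePath pointing at the dropped driver, and the hijacked ServiceDll) and stays silent on the two benign events.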

MITRE ATT&CK Enterprise v15
