General

  • Target

    f88e9bf1cbf10c461763c2a10c7a9ec43ebdecdc4425801e8aa85cef00947542

  • Size

    2.5MB

  • Sample

    240625-wd9p7stfnb

  • MD5

    58ffd8063c8ab67a27cae8944cfd7ef4

  • SHA1

    23f3230490f3b9e3c88cb0ce06032ef3fb3249c4

  • SHA256

    f88e9bf1cbf10c461763c2a10c7a9ec43ebdecdc4425801e8aa85cef00947542

  • SHA512

    16e05ed4c5c00194b35d258cb0aa7c986f21e14aad096eec94a211ca1a23bc030d1aaa6c3e74c082019e66bb15857b30ccaf864cddf71b97608fcb4ff74923ea

  • SSDEEP

    24576:7CwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHe:7CwsbCANnKXferL7Vwe/Gg0P+WhRH

Malware Config

Targets

    • Target

      f88e9bf1cbf10c461763c2a10c7a9ec43ebdecdc4425801e8aa85cef00947542

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks