General

  • Target

    a0e1faa2a69bde41e847f465dda5930bde42f9f8e4e3b2c4edccd62b8c374645

  • Size

    8.3MB

  • Sample

    240625-wexf9swhkq

  • MD5

    430e0880657edb7bcabd32b4b3945c2c

  • SHA1

    bd0147bb75f5778b4333f68fe5a613f4fa0b60c0

  • SHA256

    a0e1faa2a69bde41e847f465dda5930bde42f9f8e4e3b2c4edccd62b8c374645

  • SHA512

    fba9cf5b16fc3cd4d10bfb84a82fcba1d610394e79fb0690b65f639e7d42d9fe653be3aa5ad15a50cee70abc60637837818b7a02a0e4c2b8f854b67369c27c3b

  • SSDEEP

    196608:0KXbeO7bQ7QmmF+QylBTZbvFVX89XVZUT7upkB:F7bQ7tKyn3V8BVZw7upkB

Malware Config

Targets

    • Target

      a0e1faa2a69bde41e847f465dda5930bde42f9f8e4e3b2c4edccd62b8c374645


    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks