General

  • Target

    e1e7e8073a7c4e422812ae5ec8bd985a2512de0757705d764f49e41a2151c1ae

  • Size

    1.9MB

  • Sample

    240625-wf55sstgjg

  • MD5

    2cdb420dfe8252a5d5c253950be44442

  • SHA1

    fee05af9a5079766065e560713d9a6d992eb79df

  • SHA256

    e1e7e8073a7c4e422812ae5ec8bd985a2512de0757705d764f49e41a2151c1ae

  • SHA512

    0b7a3d705608d605724940f8298ba586d0eed3b4c3cd0696fedd6e72059b9664552f61e2f741784fc31918b14bbe72ef1a640b978969e21629f5af53fa829a41

  • SSDEEP

    24576:9QZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVo/ILUsWAsPOg7i6j+qM8+Eo01:9QZAdVyVT9n/Gg0P+WhoZ4FDopj+619

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks