General

  • Target

    c2e2f668cab6d58ca325f8117224c39e0f2a37c71cbb4c074ba52943c14e22ba

  • Size

    2.1MB

  • Sample

    240625-wkl8gsthne

  • MD5

    926648c60293b7571246b6c4bcade44b

  • SHA1

    8756cdf52b962197efccb1897a4f0d1d55eb90ff

  • SHA256

    c2e2f668cab6d58ca325f8117224c39e0f2a37c71cbb4c074ba52943c14e22ba

  • SHA512

    69c3e77bec4382bf253b80c92d05036a45f8bae6d86ef3c51618b3a98b5562cecf3802e7d87b0769fb7d10f13fb0aeab536c0a7a957df7d55d7032e707a6a52a

  • SSDEEP

    24576:AQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVYy1YbnepsCVxilP/f+GyduTTo:AQZAdVyVT9n/Gg0P+WhoDy0GxoydeNud

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks