General

  • Target

    fd50a17a82912e9e253df626bcc5f595990dff4b2d6858c35e50d24923e79641

  • Size

    5.9 MB

  • Sample

    240625-wl5ffsxbpj

  • MD5

    67ac7f17ce22f6e92a951423acb1f383

  • SHA1

    aa4778438bf8444f814b7a29a448021531f37add

  • SHA256

    fd50a17a82912e9e253df626bcc5f595990dff4b2d6858c35e50d24923e79641

  • SHA512

    a73051212d779c359ea01952d703fa42a766196750db9c29e2ce34883e8a17351c22a8342df7f953faa582481742e46dc713fc1f3e502ace52cc182521cec7df

  • SSDEEP

    98304:zws2ANnKXOaeOgmhpS4yht5aJVFpeVv0RkX+N:VKXbeO7vzUeJnSyHN

Targets

    • Detect PurpleFox Rootkit

      Signature matching the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory
