General

  • Target

    ea222acda9eb491efcd8979cfc98c85d6bfa6a485a6ad821ed88e162b0f23e09

  • Size

    2.4MB

  • Sample

    240625-wn8kwsxcnq

  • MD5

    faba8be1c8e58afe0ce247776cf89c49

  • SHA1

    2b85fc96d3d2d4ee69af042527823d5cbf5bdebd

  • SHA256

    ea222acda9eb491efcd8979cfc98c85d6bfa6a485a6ad821ed88e162b0f23e09

  • SHA512

    e4471eb73e5cba581170fc4b07df316f46ba9669cc9848da523484bd2b275e94957250c79976d7ffa3c4b78c03ad2931c4ef3754831d18c0ff39450aa6427af6

  • SSDEEP

    24576:tCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHT:tCwsbCANnKXferL7Vwe/Gg0P+WhIr

Malware Config

Targets

    • Target

      ea222acda9eb491efcd8979cfc98c85d6bfa6a485a6ad821ed88e162b0f23e09

    • Size

      2.4MB

    • MD5

      faba8be1c8e58afe0ce247776cf89c49

    • SHA1

      2b85fc96d3d2d4ee69af042527823d5cbf5bdebd

    • SHA256

      ea222acda9eb491efcd8979cfc98c85d6bfa6a485a6ad821ed88e162b0f23e09

    • SHA512

      e4471eb73e5cba581170fc4b07df316f46ba9669cc9848da523484bd2b275e94957250c79976d7ffa3c4b78c03ad2931c4ef3754831d18c0ff39450aa6427af6

    • SSDEEP

      24576:tCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHT:tCwsbCANnKXferL7Vwe/Gg0P+WhIr

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks