General

  • Target

    ae9874ce8de41c8a35861bb596ee302b0328721cf5f2d9c4684401e5fe14a8ea

  • Size

    14.7MB

  • Sample

    240625-wnj8asvaqb

  • MD5

    1c9e4d123ee99fd4c7b48353d6e2a0fb

  • SHA1

    58d42f3a8d715ce49b41a651e3f75b28034ba524

  • SHA256

    ae9874ce8de41c8a35861bb596ee302b0328721cf5f2d9c4684401e5fe14a8ea

  • SHA512

    1b617bad270967ee21a13c46cf5ddc7d4f800744ced465f78645b3f744ff024b25eff4de1b8e84c9fd63f3b8d6407dac5320609a852cc2637399c27718784e75

  • SSDEEP

    393216:k7r7Nx1Z+IGUqdv6+gv8Dgl87YERTF08NGIRb8XUg202Eync5ZCsmwdHLe3WHGL/:8W2XpAMmV5

Malware Config

Targets

    • Target

      ae9874ce8de41c8a35861bb596ee302b0328721cf5f2d9c4684401e5fe14a8ea

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks