General

  • Target

    711ff137a3ec7dccb9d92c557bdcfe2308c4375d460c2a6307cb6f5f0e5ef532

  • Size

    1.4MB

  • Sample

    240625-xhbjmswgjd

  • MD5

    541ccd29915c262f5b06be048504d4af

  • SHA1

    d3b2ddea3a6731df1f3730bd610b6a5233b67140

  • SHA256

    711ff137a3ec7dccb9d92c557bdcfe2308c4375d460c2a6307cb6f5f0e5ef532

  • SHA512

    184fcccfb7f0fc8d4d13c2486c044288a4a5edca4d7130b883e3cd00ad50a40b62b0a6723f6660fe8fe1978c723dd012349419b78151c3fe46bc4836900a42cf

  • SSDEEP

    24576:W09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+d+mP2+FHEnMcaUTFKu3X55op:W09XJt4HIN2H2tFvduySqvTFKu3p5w
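The digests above identify the sample; before relying on a local copy (for example one pulled from a share or a ticket attachment) recompute them and compare. The script below is an added example, not part of the sandbox report: it streams a file through all four hash algorithms in one pass and checks each against the values listed in the General section. The sample file itself is not included, so the path passed on the command line is hypothetical; SSDEEP is omitted because the standard library has no implementation of it.

```python
# Added example (not from the sandbox report): recompute the file digests
# listed in the report and compare them with a local copy of the sample.
# The sample is not included; the path given on the command line is assumed.
import hashlib
import sys

# Digests copied from the report's "General" section.
REPORTED = {
    "md5": "541ccd29915c262f5b06be048504d4af",
    "sha1": "d3b2ddea3a6731df1f3730bd610b6a5233b67140",
    "sha256": "711ff137a3ec7dccb9d92c557bdcfe2308c4375d460c2a6307cb6f5f0e5ef532",
    "sha512": "184fcccfb7f0fc8d4d13c2486c044288a4a5edca4d7130b883e3cd00ad50a40b"
              "62b0a6723f6660fe8fe1978c723dd012349419b78151c3fe46bc4836900a42cf",
}


def digests(data: bytes) -> dict:
    """Return the four digests the report lists for an in-memory blob, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once (a single read pass),
    so a multi-megabyte sample is never loaded into memory whole."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict = REPORTED) -> dict:
    """Compare per algorithm. Hex is compared case-insensitively so a value
    copy-pasted in uppercase from another tool still matches. A missing
    algorithm in `actual` counts as a mismatch rather than being skipped."""
    return {name: actual.get(name, "").lower() == expected[name].lower()
            for name in expected}


def matches_report(actual: dict, expected: dict = REPORTED) -> bool:
    """True only when every listed digest agrees; one mismatch means it is a different file."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <path-to-sample>")
    computed = digests_of_file(sys.argv[1])
    for name, ok in verify(computed).items():
        print(f"{name:7} {'MATCH   ' if ok else 'MISMATCH'} {computed[name]}")
    sys.exit(0 if matches_report(computed) else 1)
```

The exit status makes the check usable from a shell pipeline: a non-zero exit means at least one digest differs, which is the signal to stop and re-acquire the sample rather than analyse the wrong file.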

Targets

    • Target

      711ff137a3ec7dccb9d92c557bdcfe2308c4375d460c2a6307cb6f5f0e5ef532

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory
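Several of the behavioural signatures above only become meaningful when correlated: a file dropped under the drivers directory, a service ImagePath then pointed at that file, and a dropped executable or DLL later run or loaded by the same trace. The script below is an added example, not the sandbox vendor's detection logic: it walks a simplified, constructed event list (event type, process, target, value) in order, remembers every file the trace writes, and ties later registry, process-creation and image-load events back to those files. The event format, the file and registry paths, and the assumption that %SystemRoot% is C:\Windows are all mine, not from the report.

```python
# Added example (not from the report or the sandbox vendor): correlate the
# report's behavioural signatures across a constructed event trace.
# Event tuples are (event_type, process, target, value); all paths are made up.
import re

# Normalised path prefixes used by the checks. Assumption: %SystemRoot% = C:\Windows.
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"

# Constructed trace, in execution order.
EVENTS = [
    ("file_write", "dropper.exe", r"C:\Windows\System32\drivers\xyz.sys", ""),
    ("file_write", "dropper.exe", r"C:\Users\Public\loader.dll", ""),
    ("file_write", "dropper.exe", r"C:\Users\Public\update.exe", ""),
    ("reg_set", "dropper.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Services\xyz\ImagePath",
     r"\??\C:\Windows\System32\drivers\xyz.sys"),
    ("reg_set", "dropper.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Services\Legit\ImagePath",
     r'"C:\Program Files\Vendor\svc.exe" -k netsvcs'),
    ("process_create", "dropper.exe", r"C:\Users\Public\update.exe", ""),
    ("image_load", "update.exe", r"C:\Users\Public\loader.dll", ""),
]


def normalise_path(p: str) -> str:
    """Canonicalise the path forms that appear in ImagePath values and file events:
    strip quotes, the \\??\\ NT prefix, \\SystemRoot\\ and %SystemRoot%\\, and the
    bare 'system32\\' form that driver entries use; lowercase for comparison."""
    p = p.strip().strip('"')
    p = re.sub(r"^\\\?\?\\", "", p)
    p = re.sub(r"^\\systemroot\\", r"C:\\Windows\\", p, flags=re.I)
    p = re.sub(r"^%systemroot%\\", r"C:\\Windows\\", p, flags=re.I)
    p = re.sub(r"^system32\\", r"C:\\Windows\\system32\\", p, flags=re.I)
    return p.lower()


def image_from_imagepath(value: str) -> str:
    """Extract the executable from an ImagePath value, which may carry arguments:
    a quoted path is taken whole, otherwise the first whitespace-separated token."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        v = v[1:end] if end > 0 else v[1:]
    else:
        v = v.split(" ")[0]
    return normalise_path(v)


def analyse(events):
    """Return (signature, detail) pairs, tracking files written earlier in the
    trace so later events can be linked to dropped artefacts."""
    dropped = set()
    findings = []
    for kind, _proc, target, value in events:
        t = normalise_path(target)
        if kind == "file_write":
            dropped.add(t)
            if t.startswith(DRIVERS_DIR):
                findings.append(("Drops file in Drivers directory", t))
            if t.startswith(SYSTEM32_DIR):
                findings.append(("Drops file in System32 directory", t))
        elif kind == "reg_set" and t.endswith("\\imagepath"):
            findings.append(("Sets service image path in registry", f"{target} -> {value}"))
            if image_from_imagepath(value) in dropped:
                # The strong signal: a freshly written file registered as a service/driver.
                findings.append(("Service image path points to dropped file", image_from_imagepath(value)))
        elif kind == "process_create" and t in dropped:
            findings.append(("Executes dropped EXE", t))
        elif kind == "image_load" and t in dropped:
            findings.append(("Loads dropped DLL", t))
    return findings


if __name__ == "__main__":
    for sig, detail in analyse(EVENTS):
        print(f"[{sig}] {detail}")
```

The ordering matters: a registry ImagePath write is only linked to a drop that precedes it in the trace, which is why the events are processed in sequence rather than matched as a set. The vendor's service is not flagged as pointing at a dropped file because the trace never wrote svc.exe, even though the ImagePath write itself is still recorded.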

MITRE ATT&CK Enterprise v15
