General

  • Target

    1eb7915b0604ff52703ad8291c2064234aa53f3f3b3376599eb9bbe478039cbf

  • Size

    5.9MB

  • Sample

    240625-xjvnxayhpn

  • MD5

    edebed2130182633f08010278d0d6eed

  • SHA1

    d5738889b389909656443ee6515d18dbbfee80a3

  • SHA256

    1eb7915b0604ff52703ad8291c2064234aa53f3f3b3376599eb9bbe478039cbf

  • SHA512

    de610f973b435b976cd6a8808399ec5d08ec126c45bee42399093f132c056cdb888b008a2bccda32dc733b265d3ef3a94ed084dcb285ef7fc2c7c122790507f7

  • SSDEEP

    98304:0GdVyVT9nOgmhs1ErRtM3NkJCggBXQaGkVf:LWT9nO72arRt6N6Cqpg

Malware Config

Targets

    • Target

      1eb7915b0604ff52703ad8291c2064234aa53f3f3b3376599eb9bbe478039cbf

    • Size

      5.9MB

    • MD5

      edebed2130182633f08010278d0d6eed

    • SHA1

      d5738889b389909656443ee6515d18dbbfee80a3

    • SHA256

      1eb7915b0604ff52703ad8291c2064234aa53f3f3b3376599eb9bbe478039cbf

    • SHA512

      de610f973b435b976cd6a8808399ec5d08ec126c45bee42399093f132c056cdb888b008a2bccda32dc733b265d3ef3a94ed084dcb285ef7fc2c7c122790507f7

    • SSDEEP

      98304:0GdVyVT9nOgmhs1ErRtM3NkJCggBXQaGkVf:LWT9nO72arRt6N6Cqpg

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks