General

  • Target

    12d876464959f61df981f9315c73f5e9eb0d654c13686c78cad0065d93d21cfe

  • Size

    1.1MB

  • Sample

    240625-xlhgcswhpc

  • MD5

    b448a0207cae605e8ed7c40d72785300

  • SHA1

    6333f657f367ac560fb01cb42a00994626b5dd8a

  • SHA256

    12d876464959f61df981f9315c73f5e9eb0d654c13686c78cad0065d93d21cfe

  • SHA512

    5eaeb11f5b4e9ac64f2ca342b76a09281d7a96c8d253a984e196a79c44a0f87ca5a373910b3b04ca0067490ff6c1815bbe5dfb694efda84383639381539ece2b

  • SSDEEP

    24576:z09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+FJ2:z09XJt4HIN2H2tFvduySp2

Malware Config

Targets

    • Target

      12d876464959f61df981f9315c73f5e9eb0d654c13686c78cad0065d93d21cfe

    • Detect PurpleFox Rootkit

      Detects the rootkit component of the PurpleFox malware family.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops file in System32 directory
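The behavioural signatures above (a file dropped into the Drivers directory, a service ImagePath set in the registry, dropped binaries executed or loaded) are the chain a kernel-mode rootkit installer leaves behind. The following detection logic is an added example, not part of this sandbox report or its signature engine: it walks a stream of sandbox events and raises each of the listed signatures, then flags the combination that matters most, a service whose ImagePath points at a file the sample itself wrote. The event record layout, the file and service names, and the sample events are constructed for this example and are not taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Set

# Locations referred to by the report's "Drops file in ..." signatures.
DRIVERS_DIR = re.compile(r"\\windows\\system32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"\\windows\\system32\\", re.I)
# ...\Services\<name>\ImagePath under any control set (assumed registry spelling).
SERVICE_IMAGE_PATH = re.compile(
    r"\\system\\(currentcontrolset|controlset\d+)\\services\\[^\\]+\\imagepath$", re.I)


@dataclass(frozen=True)
class Event:
    """One sandbox event. The field names are an assumption for this example,
    not the export format of any particular sandbox."""
    kind: str        # "file_write" | "reg_set" | "process_create" | "image_load"
    pid: int
    target: str      # file path, registry value path, or loaded image path
    value: str = ""  # registry data for reg_set events


def normalize_path(path: str) -> str:
    """Map the spellings a service ImagePath can use (\\??\\ prefix, \\SystemRoot\\,
    a bare system32\\... relative path, quotes) onto one lower-case absolute form.
    Assumes the system drive is C:."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = "C:\\Windows\\" + p[len("\\SystemRoot\\"):]
    elif low.startswith("system32\\"):
        p = "C:\\Windows\\" + p
    return p.lower()


def find_signatures(events: Iterable[Event]) -> Set[str]:
    """Return the set of signature names triggered by the event stream."""
    dropped: Dict[str, int] = {}  # normalized path -> pid that wrote it
    hits: Set[str] = set()
    for ev in events:
        if ev.kind == "file_write":
            dropped[normalize_path(ev.target)] = ev.pid
            if DRIVERS_DIR.search(ev.target):
                hits.add("drops_file_in_drivers_dir")
            elif SYSTEM32_DIR.search(ev.target):
                hits.add("drops_file_in_system32")
        elif ev.kind == "reg_set" and SERVICE_IMAGE_PATH.search(ev.target):
            hits.add("sets_service_image_path")
            # The ImagePath data is compared against files the sample wrote.
            if normalize_path(ev.value) in dropped:
                hits.add("service_image_path_is_dropped_file")
        elif ev.kind == "process_create" and normalize_path(ev.target) in dropped:
            hits.add("executes_dropped_exe")
        elif ev.kind == "image_load" and normalize_path(ev.target) in dropped:
            hits.add("loads_dropped_dll")
    return hits


def rootkit_driver_chain(hits: Set[str]) -> bool:
    """The combination worth escalating: a file landed in the drivers directory
    and a service ImagePath was pointed at a file the sample wrote."""
    return {"drops_file_in_drivers_dir", "service_image_path_is_dropped_file"} <= hits


# Constructed sample events (hypothetical file and service names, not from the report).
SAMPLE_EVENTS = [
    Event("file_write", 1234, r"C:\Windows\System32\drivers\dump_example.sys"),
    Event("file_write", 1234, r"C:\Windows\System32\example_helper.dll"),
    Event("file_write", 1234, r"C:\Users\Public\stage2.exe"),
    Event("reg_set", 1234, r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath",
          r"\??\C:\Windows\System32\drivers\dump_example.sys"),
    Event("process_create", 1234, r"C:\Users\Public\stage2.exe"),
    Event("image_load", 5678, r"C:\Windows\System32\example_helper.dll"),
]

if __name__ == "__main__":
    found = find_signatures(SAMPLE_EVENTS)
    for name in sorted(found):
        print(name)
    print("rootkit driver chain:", rootkit_driver_chain(found))
```

The path normalisation is the part that is easy to get wrong in a real detector: a driver service's ImagePath is frequently written as `\??\C:\...`, `\SystemRoot\system32\drivers\...` or a bare `system32\drivers\...`, and a naive string comparison against the file-write path misses the link between the dropped file and the service.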

MITRE ATT&CK Enterprise v15

Tasks