General

  • Target

    602a279696a68143e52c66aeb3576db37bcc3b388bfe268269aeabb7f771ef61

  • Size

    2.4MB

  • Sample

    240625-xm8pyazblk

  • MD5

    8fba2d9c7e3295775b2e63fa86209d35

  • SHA1

    15c3ecbe55aa3fa2199552aa7324b29e5cd2b76f

  • SHA256

    602a279696a68143e52c66aeb3576db37bcc3b388bfe268269aeabb7f771ef61

  • SHA512

    1d31ee3b1eb265a7e5b12a0ac5fce3b594d35860ad601e7c87c078b159265300939260a46af090478f5f8b81d4741f98e500b7306252a93955907aaf036d4ac2

  • SSDEEP

    49152:509XJt4HIN2H2tFvduyS3UgsEVkUZI+f0M0FU:aZJt4HINy2LkxpkUiRFU

Malware Config

Targets

    • Target

      602a279696a68143e52c66aeb3576db37bcc3b388bfe268269aeabb7f771ef61

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks