General

  • Target

    cb0c12647657f2482b28fcedcbc6d1bcd8d54be049ed3f6b9aa25e6c27161671

  • Size

    5.6MB

  • Sample

    240625-xrzmtszdkn

  • MD5

    b30785b01be3a4f2aba213d4cd87dd51

  • SHA1

    a5a21e1deed6ebf2b15f89386ae574b11ae28dee

  • SHA256

    cb0c12647657f2482b28fcedcbc6d1bcd8d54be049ed3f6b9aa25e6c27161671

  • SHA512

    edb020cb4b73d530f9423d3983014b11c1d2b3748171068c3b73953dc82f05400db345adf54414262317f2dbc7b679941d54e3d5d3167f8693ed4ba74009f548

  • SSDEEP

    98304:zws2ANnKXOaeOgmh3nlEvQvcvGJ6D679w6N49q/SNEteB:VKXbeO7tnlEv2/J6D679+qa2teB

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks