General

  • Target

    a2aa637dd66b45527bfa9827583c3de9e60c400c571ab9f4f76f4d0848449f8b

  • Size

    4.2MB

  • Sample

    240625-xtjpdsxdjb

  • MD5

    a417e10d00ac3e13fa4e2c1fb2211a09

  • SHA1

    85ecaedf3fbbb6c1922d82a31b8dde659a5384de

  • SHA256

    a2aa637dd66b45527bfa9827583c3de9e60c400c571ab9f4f76f4d0848449f8b

  • SHA512

    6f95c19eac257da48d854176ce2984990f688979e491f9a23d1d3b1ff1f084d459feac966f78108af8cfa0fbc08b0a29473d7417d8d180da8dbacdfbb040aef7

  • SSDEEP

    98304:lws2ANnKXOaeOgmhXbSbJDmn2kJRSdqHDY3sW:PKXbeO7AFmn5zS

Malware Config

Targets

    • Target

      a2aa637dd66b45527bfa9827583c3de9e60c400c571ab9f4f76f4d0848449f8b

    • Size

      4.2MB

    • MD5

      a417e10d00ac3e13fa4e2c1fb2211a09

    • SHA1

      85ecaedf3fbbb6c1922d82a31b8dde659a5384de

    • SHA256

      a2aa637dd66b45527bfa9827583c3de9e60c400c571ab9f4f76f4d0848449f8b

    • SHA512

      6f95c19eac257da48d854176ce2984990f688979e491f9a23d1d3b1ff1f084d459feac966f78108af8cfa0fbc08b0a29473d7417d8d180da8dbacdfbb040aef7

    • SSDEEP

      98304:lws2ANnKXOaeOgmhXbSbJDmn2kJRSdqHDY3sW:PKXbeO7AFmn5zS

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks