General

  • Target

    966bcc571f105aee8b7843c0d0e86cb790954a82a2ed46600dbdc82aa5707d65

  • Size

    6.7MB

  • Sample

    240625-ydzaksyemg

  • MD5

    27b7d998c81e3269bec99083eff85786

  • SHA1

    c6513511a768ded1ddd3e615971c3d7a1dc73e61

  • SHA256

    966bcc571f105aee8b7843c0d0e86cb790954a82a2ed46600dbdc82aa5707d65

  • SHA512

    5229dd6c15e1b196feef777f85c035bb6852e36a89d6e6bf2f6bbd0ae596e7d8f3635c3bf3df0f02b322b83ce47169e6e7f2d1e3bff9147b5f1c9947a6c3d436

  • SSDEEP

    98304:Rws2ANnKXOaeOgmhDn2Hqg6DPW2/pOf+LX+HT:DKXbeO7xnzy2bI

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks