General

  • Target

    501ea561c1521b5d6233d5ab69d94c5e61a2c220b38ae97060e9d2d19141781a

  • Size

    1.4MB

  • Sample

    240626-gkvgja1fjn

  • MD5

    921ada8439fa4ec3aed1a5cd051eec61

  • SHA1

    7fb721cc787b8b9f4aabf1b3bc98783221956e4d

  • SHA256

    501ea561c1521b5d6233d5ab69d94c5e61a2c220b38ae97060e9d2d19141781a

  • SHA512

    ed03897ae54057d061587d764c0d685889cb82f2a30447280a654dc6faf266118c727f386e20d35ac002f405cc5ad9a8560fedd23e159b2b772ff606523a921e

  • SSDEEP

    24576:iQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVDd5dyWRudqIqfaVN5mmT7Kr:iQZAdVyVT9n/Gg0P+WhoY5dyWRudqIqP

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops file in System32 directory
