General

  • Target

    bf2cdfae8a3f3feb7a03422e40cb433b752b1de4a2f320089f9733b9708b4005

  • Size

    4.8MB

  • Sample

    240626-gly64sydkh

  • MD5

    60cc61281bfccd6e6b8db675298b641e

  • SHA1

    9446d0a7df155e919e4aa790b4f8a7b2e1dd8be0

  • SHA256

    bf2cdfae8a3f3feb7a03422e40cb433b752b1de4a2f320089f9733b9708b4005

  • SHA512

    b72a56081cf5a5360c479b1a5df859cff2feadae5deffea61b9d81e6ef1630c80ffb09c3e94a7d9d9d72394d7f087fd2a2cc6fa8c0dae56c489191c510ca2c76

  • SSDEEP

    49152:6QZAdVyVT9n/Gg0P+WhoNrqfovfK2bXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5W9:jGdVyVT9nOgmh8rqf72bXsPN5kiQaZ56

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory
