General

  • Target

    a0683e9340a485ee7ba3d4b3881b4f2ee5024abe76b4ce7fe91d4cd14727f09f

  • Size

    2.0MB

  • Sample

    240626-glz4eaydlc

  • MD5

    1c08c00c1f24dbf9e4e73c8dd7a3e2f2

  • SHA1

    91ad63f06c17f41ffa1920cf75df1093a5533461

  • SHA256

    a0683e9340a485ee7ba3d4b3881b4f2ee5024abe76b4ce7fe91d4cd14727f09f

  • SHA512

    0785ef289fb6b09f54c48c0a2cc561b2fb967018c23792facab0af1161af9c5e6d372d7473a02187586a0d5ed5e88cb7ff00fc2a0b04f15219d7cdd4e7b9198f

  • SSDEEP

    49152:+QZAdVyVT9n/Gg0P+Who3peirqfovfK0ZPItx2apeapelI:vGdVyVT9nOgmhXirqf71tUvlI

Malware Config

Targets

    • Target

      a0683e9340a485ee7ba3d4b3881b4f2ee5024abe76b4ce7fe91d4cd14727f09f

    • Size

      2.0MB

    • MD5

      1c08c00c1f24dbf9e4e73c8dd7a3e2f2

    • SHA1

      91ad63f06c17f41ffa1920cf75df1093a5533461

    • SHA256

      a0683e9340a485ee7ba3d4b3881b4f2ee5024abe76b4ce7fe91d4cd14727f09f

    • SHA512

      0785ef289fb6b09f54c48c0a2cc561b2fb967018c23792facab0af1161af9c5e6d372d7473a02187586a0d5ed5e88cb7ff00fc2a0b04f15219d7cdd4e7b9198f

    • SSDEEP

      49152:+QZAdVyVT9n/Gg0P+Who3peirqfovfK0ZPItx2apeapelI:vGdVyVT9nOgmhXirqf71tUvlI

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks