General

  • Target

    e655e856a657a3c3478925c2eae88b5f2bf87a3f0ababa12831a0d896658aa54

  • Size

    2.8MB

  • Sample

    240626-gmcpha1fpk

  • MD5

    a896f5a20fc0d029035042a0f5677d14

  • SHA1

    5c0f3521725833b0158c21229c1d87cdd52843ed

  • SHA256

    e655e856a657a3c3478925c2eae88b5f2bf87a3f0ababa12831a0d896658aa54

  • SHA512

    df327355709b75fb9a92b239c5bf9dc201d610ddd802a9dae5e210fb0e34c1b354b65faaf71c660dcb22890c1b529a708a6366df3d7a4facfefb88b7903608b9

  • SSDEEP

    49152:aQZAdVyVT9n/Gg0P+WhoQ5dyWRudqIqfovfKM+XGwv2tP1zTPADnWPMklKu8bi4o:DGdVyVT9nOgmhF5dyWRudqIqf7M+WwvU

Malware Config

Targets

    • Target

      e655e856a657a3c3478925c2eae88b5f2bf87a3f0ababa12831a0d896658aa54

    • Size

      2.8MB

    • MD5

      a896f5a20fc0d029035042a0f5677d14

    • SHA1

      5c0f3521725833b0158c21229c1d87cdd52843ed

    • SHA256

      e655e856a657a3c3478925c2eae88b5f2bf87a3f0ababa12831a0d896658aa54

    • SHA512

      df327355709b75fb9a92b239c5bf9dc201d610ddd802a9dae5e210fb0e34c1b354b65faaf71c660dcb22890c1b529a708a6366df3d7a4facfefb88b7903608b9

    • SSDEEP

      49152:aQZAdVyVT9n/Gg0P+WhoQ5dyWRudqIqfovfKM+XGwv2tP1zTPADnWPMklKu8bi4o:DGdVyVT9nOgmhF5dyWRudqIqf7M+WwvU

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks