General

  • Target

    66a8e5b0516e802ba99fad0f1b2a49261ec86a634b95a5ade2ce7994a42ef087

  • Size

    1.3MB

  • Sample

    240626-gqjxzs1hkp

  • MD5

    e3a43892d0886af0920b1a1215135fd4

  • SHA1

    1e6317201101690c0ceac6c6b21cab3ce48f2f6a

  • SHA256

    66a8e5b0516e802ba99fad0f1b2a49261ec86a634b95a5ade2ce7994a42ef087

  • SHA512

    1032a4edcd1db27e6c8774146b522dd5640939649d3a4b5cb5e2fcbd18443c2a16426f0a29611383a9d4cf71bfa67bcc7bab6f604091519895a2b2e89360f7d3

  • SSDEEP

    24576:Edq1km1qCuhiVbW+vknxCER3R3cI+9xpE/rsabGBthx8bUzbULO4heV3gezVqoDj:ET/CuhCzUhRG+D1CVObrqbVZqK6DU1io

Targets

    • Detect PurpleFox Rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
