General

  • Target

    96ea27e9be752dedf44c28a32e94a64c116940a7d412d59f847d3ac148a57d60

  • Size

    2.9MB

  • Sample

    240626-gqqersyfke

  • MD5

    1fea96f90fe213230d3bf92fc742f18e

  • SHA1

    e10724d5c50f046973fbb4f2d55c4467dd5839ae

  • SHA256

    96ea27e9be752dedf44c28a32e94a64c116940a7d412d59f847d3ac148a57d60

  • SHA512

    277b4453cc36f2be6cc9902e652be552596261bcd094bbac0f27c89d736a5eedbdb8047aa191c12f2148a81e8c9dd0904c1d1054b7c3c1b34e30a0d97ddc30e0

  • SSDEEP

    49152:BCwsbCANnKXferL7Vwe/Gg0P+Whp0XFYGr9+enbi:sws2ANnKXOaeOgmhBGr9+enbi

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks