General

  • Target

    764664573b7890161a8030350ceaa1f573e9f84e3dcaea76bfaf5791fdf208dc

  • Size

    3.1MB

  • Sample

    240626-gs2wkssank

  • MD5

    7fdd0d53ff5cc7fa793ec5b0b79f3d45

  • SHA1

    35ec97fe59ba3e4a58ba23e008f4d697616b9a29

  • SHA256

    764664573b7890161a8030350ceaa1f573e9f84e3dcaea76bfaf5791fdf208dc

  • SHA512

    feb0572f44f1e541ad2c9455dce9b387f834509de5cdd3a7cb1806c086abd8e9cae67d4114779e4bbc1cd7a98a7136bcb3fd3f72a933fb20d67a39203639e373

  • SSDEEP

    49152:BQZAdVyVT9n/Gg0P+WhoesJyn27hAuFL+yleVZ7HuGams7EenTt/F2GGAcPDL:iGdVyVT9nOgmh1sJyn2MZcms/FqPDL

Targets

    • Detect PurpleFox Rootkit

      Signature hit: detects the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access trojan (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Drops file in System32 directory
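
Two of the signature hits above lend themselves to a quick offline check. The Python below is an added example written for this page, not the sandbox's own signature code and not derived from the sample: it parses a PE section table to spot UPX-style section names or the "UPX!" marker, and it normalises the RDP-Tcp ServiceDll registry value to flag a hijacked Terminal Services DLL (Server Software Component: Terminal Services DLL, ATT&CK T1505.005). The PE bytes it checks are constructed by `build_pe`; the default `C:\Windows` expansion of `%SystemRoot%` and the `read_termsrv_servicedll` helper are assumptions of the example.

```python
"""Added triage helpers for two signature hits: UPX-packed PE and a
hijacked Terminal Services ServiceDll. Example code, not sandbox code."""
import struct
from typing import List, Optional

# Stock value of HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\
# WinStations\RDP-Tcp : ServiceDll. Anything else deserves a look.
EXPECTED_TERMSRV_DLL = r"%SystemRoot%\System32\termsrv.dll"


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names of a PE image, or [] if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names sections UPX0/UPX1 (UPX2 for resources) and leaves a
    'UPX!' marker near the headers. Modified builds often rename sections,
    so either piece of evidence is enough to flag the file."""
    if any(n.startswith("UPX") for n in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x1000]


def build_pe(section_names: List[bytes], marker: bytes = b"") -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 header with the
    given section names. Not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections + marker


def _norm(path: str) -> str:
    # Assumption: default install root; the live value is REG_EXPAND_SZ.
    p = path.strip().strip('"').lower().replace("/", "\\")
    return p.replace("%systemroot%", r"c:\windows")


def termsrv_servicedll_suspicious(value: Optional[str]) -> bool:
    """True when the RDP-Tcp ServiceDll is absent or points anywhere other
    than the stock termsrv.dll (case-insensitive, %SystemRoot% expanded)."""
    if not value:
        return True
    return _norm(value) != _norm(EXPECTED_TERMSRV_DLL)


def read_termsrv_servicedll() -> Optional[str]:
    """Hypothetical helper: read the live value on Windows, None elsewhere."""
    try:
        import winreg                          # Windows only
    except ImportError:
        return None
    key = r"SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
            return winreg.QueryValueEx(k, "ServiceDll")[0]
    except OSError:
        return None


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_pe([b".text", b".rdata", b".data"])
    print("upx sections:", is_upx_packed(packed), is_upx_packed(plain))
    live = read_termsrv_servicedll()
    if live is not None:
        print("ServiceDll:", live, "suspicious:", termsrv_servicedll_suspicious(live))
```

Run the script on a Windows host to check the live ServiceDll value; on other platforms it only exercises the constructed PE headers. To scan a real file, pass the bytes from `open(path, "rb").read()` to `is_upx_packed`.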
