General

  • Target

    de105de4385edbdeec144fbbef91ab6ae152cf95cc859abb47312ffbc4cbabe8

  • Size

    7.0MB

  • Sample

    240626-gtahqasapj

  • MD5

    65edb5f6fea3ddf5046c6eec648b9547

  • SHA1

    c6305d88962ba1ca34489344f1d6def8f6e59445

  • SHA256

    de105de4385edbdeec144fbbef91ab6ae152cf95cc859abb47312ffbc4cbabe8

  • SHA512

    a77ac22513fe4d28c9a93febadf51c34ffedba4e1d5c3847c73359713ab0acd1ef6a2db7e6523b85f20edf9afed9299ca30101d52ed1eb4b9dd148d61719a1f7

  • SSDEEP

    98304:2ws2ANnKXOaeOgmh2CWrDtWX2vaOp/BwQRo1u4PC7XZQXB:EKXbeO79eDtVyOp/+QO04PkKB

Malware Config

Targets

    • Target

      de105de4385edbdeec144fbbef91ab6ae152cf95cc859abb47312ffbc4cbabe8

    • Size

      7.0MB

    • MD5

      65edb5f6fea3ddf5046c6eec648b9547

    • SHA1

      c6305d88962ba1ca34489344f1d6def8f6e59445

    • SHA256

      de105de4385edbdeec144fbbef91ab6ae152cf95cc859abb47312ffbc4cbabe8

    • SHA512

      a77ac22513fe4d28c9a93febadf51c34ffedba4e1d5c3847c73359713ab0acd1ef6a2db7e6523b85f20edf9afed9299ca30101d52ed1eb4b9dd148d61719a1f7

    • SSDEEP

      98304:2ws2ANnKXOaeOgmh2CWrDtWX2vaOp/BwQRo1u4PC7XZQXB:EKXbeO79eDtVyOp/+QO04PkKB

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks