General

  • Target

    e033d2fb6fdac58d65f921b8ea655bfb4c9563c9a56b0e86d33ac68bd54747dd

  • Size

    2.3MB

  • Sample

    240626-gvrtdssbln

  • MD5

    a05801b5729b95c0dd19cca88427f832

  • SHA1

    d4dcef457bb044f4d10466a2de4a463770c1d517

  • SHA256

    e033d2fb6fdac58d65f921b8ea655bfb4c9563c9a56b0e86d33ac68bd54747dd

  • SHA512

    391f611004d41623074c55f7889e6c27b8ba8d4dd30a63c87b7f9fe363c0e16037e43c8a1a1200e13f5da2addaab59d3ab1cc5f02f0f801b961f8861f142b284

  • SSDEEP

    24576:oCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHY:oCwsbCANnKXferL7Vwe/Gg0P+Whj

Malware Config

Targets

    • Target

      e033d2fb6fdac58d65f921b8ea655bfb4c9563c9a56b0e86d33ac68bd54747dd

    • Size

      2.3MB

    • MD5

      a05801b5729b95c0dd19cca88427f832

    • SHA1

      d4dcef457bb044f4d10466a2de4a463770c1d517

    • SHA256

      e033d2fb6fdac58d65f921b8ea655bfb4c9563c9a56b0e86d33ac68bd54747dd

    • SHA512

      391f611004d41623074c55f7889e6c27b8ba8d4dd30a63c87b7f9fe363c0e16037e43c8a1a1200e13f5da2addaab59d3ab1cc5f02f0f801b961f8861f142b284

    • SSDEEP

      24576:oCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHY:oCwsbCANnKXferL7Vwe/Gg0P+Whj

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks