General

  • Target

    ffcc16dc85c8c18a26907704d83cda5010231844f6bf48a54abfa4bae465ad8f

  • Size

    2.1MB

  • Sample

    240626-gw843asbrr

  • MD5

    efadf22889a66d488579c78cfaa239d9

  • SHA1

    55fda91fc4a06f98979d335a2458a86119bcca45

  • SHA256

    ffcc16dc85c8c18a26907704d83cda5010231844f6bf48a54abfa4bae465ad8f

  • SHA512

    d40ab926afdcb9cfa53ea94963fcfa3bd0fdd2bf0f215fc71d6feadcc98aad595c3100423d99d5e3aa17d2619c9f15edbadf9ec317758709b8b11247f540c229

  • SSDEEP

    49152:X09XJt4HIN2H2tFvduySrKxAibBEZ1LWtBzkOm:kZJt4HINy2LkWZOAC

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks