Overview

overview

10

Static

static

1

TwDush.msi

windows7-x64

6

TwDush.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TwDush.msi.v

  • Size

    66.4MB

  • Sample

    240921-wm1hwswcmp

  • MD5

    9800a890a4819b574c5aa5ca9e063d96

  • SHA1

    ede8c738d4e58c770f0ba7792e330756aaf28c7f

  • SHA256

    ec40da7be23e50181fb692525cc62f6cd5f5caa74f653fabaf5d57df1201263b

  • SHA512

    ae52316d3f17cab0370ce6a772861ae5ca5a556f140955c93edf91852695964b57b108c1b85a342d2c52ae8090a6c3d97e7fe5a1c4bd87435135572ab5ca12cf

  • SSDEEP

    1572864:vXU1B6zASrGGq3ymZM4yLpQBoxFlfAwwsUZWOVH:vXU1B6ASrGGqCcM/DxFBDwhZzH

Score
10/10
gh0stratpurplefoxdiscoverypersistenceprivilege_escalationratrootkittrojan

Malware Config

Targets

    • Target

      TwDush.msi.v

    • Size

      66.4MB

    • MD5

      9800a890a4819b574c5aa5ca9e063d96

    • SHA1

      ede8c738d4e58c770f0ba7792e330756aaf28c7f

    • SHA256

      ec40da7be23e50181fb692525cc62f6cd5f5caa74f653fabaf5d57df1201263b

    • SHA512

      ae52316d3f17cab0370ce6a772861ae5ca5a556f140955c93edf91852695964b57b108c1b85a342d2c52ae8090a6c3d97e7fe5a1c4bd87435135572ab5ca12cf

    • SSDEEP

      1572864:vXU1B6zASrGGq3ymZM4yLpQBoxFlfAwwsUZWOVH:vXU1B6ASrGGqCcM/DxFBDwhZzH

    Score
    10/10
    discoverypersistenceprivilege_escalationgh0stratpurplefoxratrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks