General
-
Target
9740fb71580a1e6809c694ebd1aa132e76d0dc985dbc0721ae6590f3bf5ed19b.exe
-
Size
1.5MB
-
Sample
240925-cmsnhayerj
-
MD5
65fe8e2dc05c8ae90caf91809c77bbc3
-
SHA1
317c19da97aa28e7459d4dce179730fa1b272d1a
-
SHA256
9740fb71580a1e6809c694ebd1aa132e76d0dc985dbc0721ae6590f3bf5ed19b
-
SHA512
893efe2b0148d28e2919d806976df452f22914223408f68c5c33917392ddaefba5f167dff19a2057062bf640ba00c4aaeb3e295e7c49a708808e769ae811a071
-
SSDEEP
24576:eYVLN+uGOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:BTT3HPkVOBTK
Malware Config
Targets
-
-
Target
9740fb71580a1e6809c694ebd1aa132e76d0dc985dbc0721ae6590f3bf5ed19b.exe
-
Size
1.5MB
-
MD5
65fe8e2dc05c8ae90caf91809c77bbc3
-
SHA1
317c19da97aa28e7459d4dce179730fa1b272d1a
-
SHA256
9740fb71580a1e6809c694ebd1aa132e76d0dc985dbc0721ae6590f3bf5ed19b
-
SHA512
893efe2b0148d28e2919d806976df452f22914223408f68c5c33917392ddaefba5f167dff19a2057062bf640ba00c4aaeb3e295e7c49a708808e769ae811a071
-
SSDEEP
24576:eYVLN+uGOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:BTT3HPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1