General
-
Target
ChromeSetup.msi.v
-
Size
29.3MB
-
Sample
241003-gt5nvssbmf
-
MD5
751eb88d77d640cc9b497aafb5679821
-
SHA1
2dc4ee60244acd2e135e7f9493bc047da5291cbd
-
SHA256
a7a6306644c25e96d94c470f5dd1b1666df2b89f83693c5f40a9beb302e5c447
-
SHA512
75898716b8e5642e20f44c843d0c4e2c3d7ff3f45096fb88ec988caa99f00a949c42bd82a783966acee031f7c150d3bf77f9ae2908236f68c846bd9279ca8d39
-
SSDEEP
786432:kQ05JQsO+H3nM6mU0/nKginprtaTFVn1AESToSDNGpiKv2+iW:V0TZOUSPin617SBJGpiKv2DW
Malware Config
Targets
-
-
Target
ChromeSetup.msi.v
-
Size
29.3MB
-
MD5
751eb88d77d640cc9b497aafb5679821
-
SHA1
2dc4ee60244acd2e135e7f9493bc047da5291cbd
-
SHA256
a7a6306644c25e96d94c470f5dd1b1666df2b89f83693c5f40a9beb302e5c447
-
SHA512
75898716b8e5642e20f44c843d0c4e2c3d7ff3f45096fb88ec988caa99f00a949c42bd82a783966acee031f7c150d3bf77f9ae2908236f68c846bd9279ca8d39
-
SSDEEP
786432:kQ05JQsO+H3nM6mU0/nKginprtaTFVn1AESToSDNGpiKv2+iW:V0TZOUSPin617SBJGpiKv2DW
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Installer Packages
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1