General

  • Target

    7251e851dbc08419102178d07b55ce7845de15675c89c6c6ed8dd2d0cd0ec2bc

  • Size

    1.5MB

  • Sample

    241004-ckh2aayelr

  • MD5

    79bbd4b643931ab89d41049f7aae99f9

  • SHA1

    ee6fdc5d33e0605db07823a22e615511e76f4ea4

  • SHA256

    7251e851dbc08419102178d07b55ce7845de15675c89c6c6ed8dd2d0cd0ec2bc

  • SHA512

    81e06525a07803b2396753ec1669967ebc5043a5dc819348021a9be448ec9f9674ed4d1aa372ab48ef4b8ae6e1e5b29f4b380ffb22c7012307af1844f560bded

  • SSDEEP

    24576:UQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVKDILUsWAsO:UQZAdVyVT9n/Gg0P+WhoBD4F/

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks