General

  • Target

    47f980ab9515cb893c4e12348182a2d0c8f7c4d5cfef0e05e453b963056266c7

  • Size

    2.2MB

  • Sample

    241004-ckjb2ssfjh

  • MD5

    48899b9142266e65f30a013d907cce64

  • SHA1

    3275d71e63a7b2a691859f4d2231d3de55b3c20e

  • SHA256

    47f980ab9515cb893c4e12348182a2d0c8f7c4d5cfef0e05e453b963056266c7

  • SHA512

    997c323b99cace2e0a44ddcce0998279d3a8032811f76e585e95c6f01265916516b6cd326ed9b296c966a6457c2a81fb9f68f41c583501bfcbf32d6a2fae54f9

  • SSDEEP

    49152:MQZAdVyVT9n/Gg0P+WhoNpecD4FDZPItx2apeapelI:tGdVyVT9nOgmhZbOtUvlI

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks