General

  • Target

    2539300c8edd75c14dd5759307f62bb801a097fb7e7933446d4354e99dc99ce9

  • Size

    2.9MB

  • Sample

    241004-pavnjsshnr

  • MD5

    a4549e4bb83313dfc98109bb28c433d2

  • SHA1

    0cab6e2522187c0e06f592832c11b1cab396eeb0

  • SHA256

    2539300c8edd75c14dd5759307f62bb801a097fb7e7933446d4354e99dc99ce9

  • SHA512

    abe53f9fe0e0bbd80fd5f5f2764eed3c28b9339b57e562cd8fd03d84ba20ab59612791797777c33a4782a17e1e8d3448412e7eba82e3860c006c4c984ba9a6c2

  • SSDEEP

    49152:VQZAdVyVT9n/Gg0P+WhoeD4Fk+XGwv2tP1zTPADnWPMklKu8bi4O8b8ITDnl13S:OGdVyVT9nOgmhKk+Wwv2tP1PPknK

Targets

    • Detect PurpleFox Rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families; it was first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
