General

  • Target

    8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67

  • Size

    1.7MB

  • Sample

    241004-w5thasterg

  • MD5

    caf67a069417942f7dc464483fa221f3

  • SHA1

    45ea4ac98f0df824a206be6560a15546d711ae07

  • SHA256

    8d28870afc570a9d6b5acde54701060c28639759ac8d998a1caeeb980c880e67

  • SHA512

    92287a706b29dd7778c979b0468f677c5c6b2645dbc073105687e668fa92ba7f044baaea9618c60226e9ac46a8e6a2a928f53dc415875d548b32dd7c41fddc2a

  • SSDEEP

    12288:AfznAsTJY/1o26kw6BEVNsa4gOYKikqiCUDqgsX+QOpda8RUTMfgVSl54DeSWKVB:4TF6BA5+J/aQgVSlarWMWieUUR/K

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
