General

  • Target

    d8699268c2ee30bd1c9d45922ffec9a1644ecbd5c28ff5505fa80a47bc277868

  • Size

    437KB

  • Sample

    241005-h4paasselj

  • MD5

    41f4b5daa4da7cdd17984488598c1054

  • SHA1

    dba7eea0b59f565f33c2625f7cc999463e4f9585

  • SHA256

    d8699268c2ee30bd1c9d45922ffec9a1644ecbd5c28ff5505fa80a47bc277868

  • SHA512

    e6232fc33dc4a5ddb0935a910874a270d96828187c87879afbe451043b183dddf2b676aaac3b60f6b66999e6585747a29c6d0eab140d258f2f4e30966a198c84

  • SSDEEP

    6144:bas0ZLc/IJvCklIqA8mvHwgnHJp9OWqw7zsK0bencTpX4KtjY5Jt/lt0zwzOu6Wq:gBFJqk2q1g5ppemr0bAKoNfnQCSWpoSw

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks