Resubmissions

05-10-2024 18:58

241005-xmv4vazaqm 10

05-10-2024 18:55

241005-xkzn9athpf 10

General

  • Target

    758499a68f081186db8d0110a96d8254925b8e26521ac999dc6530ab78ff472e

  • Size

    3.2MB

  • Sample

    241005-xkzn9athpf

  • MD5

    652912d95a08323a18f554795683df9b

  • SHA1

    00301462b3c59d6ffc471e2825d9cf58299c2e51

  • SHA256

    758499a68f081186db8d0110a96d8254925b8e26521ac999dc6530ab78ff472e

  • SHA512

    da144a00fc57f80ca9afa1dd0a468042a7e555f0ad38e696f2d8491e48d8ff90ec1aacb20da1a587842ea590f718c1538dee74413be167cc8200600cf4524b13

  • SSDEEP

    49152:pOWFJbtSMXoTLq73xKc9HsclmJSVARa86xzW3xRoyqqxrTR:pOWFJbtSMX3xKcZsclWSV7SxyqxrF

Malware Config

Targets

    • Target

      758499a68f081186db8d0110a96d8254925b8e26521ac999dc6530ab78ff472e

    • Size

      3.2MB

    • MD5

      652912d95a08323a18f554795683df9b

    • SHA1

      00301462b3c59d6ffc471e2825d9cf58299c2e51

    • SHA256

      758499a68f081186db8d0110a96d8254925b8e26521ac999dc6530ab78ff472e

    • SHA512

      da144a00fc57f80ca9afa1dd0a468042a7e555f0ad38e696f2d8491e48d8ff90ec1aacb20da1a587842ea590f718c1538dee74413be167cc8200600cf4524b13

    • SSDEEP

      49152:pOWFJbtSMXoTLq73xKc9HsclmJSVARa86xzW3xRoyqqxrTR:pOWFJbtSMX3xKcZsclWSV7SxyqxrF

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks