General

  • Target

    775d06faf60840829756b70e52029d3abba1e1c5a9f92a5b0885080611e359a9

  • Size

    1.3MB

  • Sample

    241006-tcz39ssdln

  • MD5

    319de593725f90c4458e12b6634c1a67

  • SHA1

    9d86f56b6f4f194b72ca7f19fbcb604ad193ef9a

  • SHA256

    775d06faf60840829756b70e52029d3abba1e1c5a9f92a5b0885080611e359a9

  • SHA512

    c732326ae676005a90356a3c0814b1c22c07ed266f3f52c70cb07fdb6f185ac98aaf573cc38589f3fc84ef4e0838472ef0df9fd617ef874e38a32c6563b1e5f7

  • SSDEEP

    24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNt:QHPkVOBTK

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families; it was first seen in 2018.
