General

  • Target

    573163d4d59a49b099549641dbc554dbe1ed9688bfcf936e15be9914b7f44705

  • Size

    1.3MB

  • Sample

    241007-hwee5awekc

  • MD5

    2fe8328e55c69c4225fa09f5b5325d4a

  • SHA1

    cd11599f1706f96241726ac459270b0c1fdb69cc

  • SHA256

    573163d4d59a49b099549641dbc554dbe1ed9688bfcf936e15be9914b7f44705

  • SHA512

    d32c49b91ce1058c1a78ce7fc51c0212ca91399ac75241485aa0389d0bee7f8ac75d8662120573ceda0935acd55c85b2c61ccd5f8edd75f26b2c5a9add7320a4

  • SSDEEP

    24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNx:QHPkVOBTK

Malware Config

Targets

    • Target

      573163d4d59a49b099549641dbc554dbe1ed9688bfcf936e15be9914b7f44705

    • Size

      1.3MB

    • MD5

      2fe8328e55c69c4225fa09f5b5325d4a

    • SHA1

      cd11599f1706f96241726ac459270b0c1fdb69cc

    • SHA256

      573163d4d59a49b099549641dbc554dbe1ed9688bfcf936e15be9914b7f44705

    • SHA512

      d32c49b91ce1058c1a78ce7fc51c0212ca91399ac75241485aa0389d0bee7f8ac75d8662120573ceda0935acd55c85b2c61ccd5f8edd75f26b2c5a9add7320a4

    • SSDEEP

      24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNx:QHPkVOBTK

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks