General

  • Target

    29724954f4a052b295630f068e92dfab7698b8ec322653debf004b3d727cf867

  • Size

    2.5MB

  • Sample

    241007-qvmdcaxfnl

  • MD5

    14477b5b9238f7e4f4e9fdbbf5d5c753

  • SHA1

    28f70017d5fe05e97ace6828999972589b2abd2b

  • SHA256

    29724954f4a052b295630f068e92dfab7698b8ec322653debf004b3d727cf867

  • SHA512

    ab053be3dfce3eed1726efaab07ae3d4a8725193aab0dff7640da2211a2d2661ad4a06599d0d668a946dd9e617cd331dfbc32806cc4a55ef6c221f5a492435ea

  • SSDEEP

    49152:VYbdOZ8xWVmS0HsclmJSVARa86xzW3xRoyqqxrTo:go8WASAsclWSV7Sxyqxrc

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks