General

  • Target

    834654e30bf105ea91d8344c488fff96b21ba158c10656892bcaf02093a60e67

  • Size

    771KB

  • Sample

    241008-b1llnsscrq

  • MD5

    22d8e4be04ba5d7b9f38ebd04fc18d99

  • SHA1

    aebb9c29dc9c38ff7f076e045997fb81b782ddf0

  • SHA256

    834654e30bf105ea91d8344c488fff96b21ba158c10656892bcaf02093a60e67

  • SHA512

    ab4e96c341ec32bc7b3a2ed06477571b219c8ef349ef466c13d7bd5fe243e98c80a2b9e71a59a80c7d0cb5b9ed96322260fcdc7dc436efe1bf0e2a8b97157e92

  • SSDEEP

    12288:EKlFAGnKA8Z4POeiN2HG1EpzpP3UKKwfDLky0zTe7lVIoSYlC8+lEvKlJfF05Ibx:hnKREiEG1wfUK3fcFKlCb

Malware Config

Targets

    • Target

      834654e30bf105ea91d8344c488fff96b21ba158c10656892bcaf02093a60e67

    • Size

      771KB

    • MD5

      22d8e4be04ba5d7b9f38ebd04fc18d99

    • SHA1

      aebb9c29dc9c38ff7f076e045997fb81b782ddf0

    • SHA256

      834654e30bf105ea91d8344c488fff96b21ba158c10656892bcaf02093a60e67

    • SHA512

      ab4e96c341ec32bc7b3a2ed06477571b219c8ef349ef466c13d7bd5fe243e98c80a2b9e71a59a80c7d0cb5b9ed96322260fcdc7dc436efe1bf0e2a8b97157e92

    • SSDEEP

      12288:EKlFAGnKA8Z4POeiN2HG1EpzpP3UKKwfDLky0zTe7lVIoSYlC8+lEvKlJfF05Ibx:hnKREiEG1wfUK3fcFKlCb

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks