General

  • Target

    e41e0aa4877b787b2021bd0148f547c192849632351292b86cb6a7b2d06cec5f

  • Size

    1.7MB

  • Sample

    241008-l8ajgs1akl

  • MD5

    613cab77c52846189b012d5aaccd2195

  • SHA1

    446a34a6e6b409e540e942bfe098e01fad69dd44

  • SHA256

    e41e0aa4877b787b2021bd0148f547c192849632351292b86cb6a7b2d06cec5f

  • SHA512

    9c46fd733bc0faabe1d0ef7d8a162eef970b3bc05b57a80c496dc28712d0b26444c5facf8c1f343dc42d0e5751e5a9815609186d3972807c699ebb7814a8ec84

  • SSDEEP

    24576:fQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVRvyn2pWvsL0vO2:fQZAdVyVT9n/Gg0P+Whouvyn2Aa0vO2

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
