General

  • Target

    66299fc3853af5378026c1b05de1935c023e5a59da184e29534c67a980c3ac39

  • Size

    3.2MB

  • Sample

    241014-gaq2csvcml

  • MD5

    04852aae834445ecbaad2168eddb4768

  • SHA1

    f37bfde4dba057f55e0106a51dc91de2628a858d

  • SHA256

    66299fc3853af5378026c1b05de1935c023e5a59da184e29534c67a980c3ac39

  • SHA512

    67f8bc7536b7bddc01d97fa8d10166ce0c81957e5e58e0a93f4244c6077e19e661d7e7e2e5c009066a7fef075f27ab8fcdeab5be4646917a2aef5af4b966836f

  • SSDEEP

    49152:DOWFJbtSMXoTLq73xKc9HsclmJSVARa86xzW3xRoyqqxrTo:DOWFJbtSMX3xKcZsclWSV7Sxyqxrc

Malware Config

Targets

    • Target

      66299fc3853af5378026c1b05de1935c023e5a59da184e29534c67a980c3ac39

    • Size

      3.2MB

    • MD5

      04852aae834445ecbaad2168eddb4768

    • SHA1

      f37bfde4dba057f55e0106a51dc91de2628a858d

    • SHA256

      66299fc3853af5378026c1b05de1935c023e5a59da184e29534c67a980c3ac39

    • SHA512

      67f8bc7536b7bddc01d97fa8d10166ce0c81957e5e58e0a93f4244c6077e19e661d7e7e2e5c009066a7fef075f27ab8fcdeab5be4646917a2aef5af4b966836f

    • SSDEEP

      49152:DOWFJbtSMXoTLq73xKc9HsclmJSVARa86xzW3xRoyqqxrTo:DOWFJbtSMX3xKcZsclWSV7Sxyqxrc

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks