General

  • Target

    02d41e0c35d872e2bdfa3d0346fc43f9c99011d90d1e0d124287e58bdba8cf8b

  • Size

    1.6MB

  • Sample

    241014-z6jk9sxapf

  • MD5

    3c79703d5dda0694df40757c2f5229f0

  • SHA1

    e6f531e1bd5ce13dc5640312376d67b29b2c89f7

  • SHA256

    02d41e0c35d872e2bdfa3d0346fc43f9c99011d90d1e0d124287e58bdba8cf8b

  • SHA512

    9e3b7b970b7a81519882649770eece9b8cfa28facd677fec6669e5178f50d39e6d6f99f178d64b8ea5cdc4a61bdf2bd3dae3f372266b5dee4c454a1f3e10d32a

  • SSDEEP

    24576:ZOeh7E7IJbtEJEHng8wGrQTLq73xaH7pbHV4J8:ZOWFJbtSMXoTLq73xKh4C

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks