General

  • Target

    1e47326369ad9642f73f4fb2cfdf463f7bf6ee1092c5e7368ec216b6280ecdf0

  • Size

    2.7MB

  • Sample

    241019-tk5zgswhjp

  • MD5

    2e1681c6425de3884474f61ed5476d90

  • SHA1

    30fcc9b7010f114a2063680b16f2f398ee276f39

  • SHA256

    1e47326369ad9642f73f4fb2cfdf463f7bf6ee1092c5e7368ec216b6280ecdf0

  • SHA512

    88ba36e0538fa16a55f028fbb619036890c3a4ae46d0919a921faad84294b0ce101372411f2def041d03213290921c6a83250d057998421a16fc779f48f1101e

  • SSDEEP

    24576:MCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH2:MCwsbCANnKXferL7Vwe/Gg0P+WhR

Malware Config

Targets

    • Target

      1e47326369ad9642f73f4fb2cfdf463f7bf6ee1092c5e7368ec216b6280ecdf0

    • Size

      2.7MB

    • MD5

      2e1681c6425de3884474f61ed5476d90

    • SHA1

      30fcc9b7010f114a2063680b16f2f398ee276f39

    • SHA256

      1e47326369ad9642f73f4fb2cfdf463f7bf6ee1092c5e7368ec216b6280ecdf0

    • SHA512

      88ba36e0538fa16a55f028fbb619036890c3a4ae46d0919a921faad84294b0ce101372411f2def041d03213290921c6a83250d057998421a16fc779f48f1101e

    • SSDEEP

      24576:MCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH2:MCwsbCANnKXferL7Vwe/Gg0P+WhR

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks