General

  • Target

    e2e5b20f0f7bc77272d63f525346b335718fc698cc86f296203a13d91867142e

  • Size

    611KB

  • Sample

    241026-zhjlcsyejd

  • MD5

    e6f235414c77bc3b33cebbb295552938

  • SHA1

    22b6fd5d46161a368a334326383fb9cd8c455f70

  • SHA256

    e2e5b20f0f7bc77272d63f525346b335718fc698cc86f296203a13d91867142e

  • SHA512

    dcae5613689960ed7409179c5f90dab4806189f36f181016c218c4f9211a1b3b4ff39dd4e2526bb506badab33dbf48fdae4e029558958fd256c8a7a12f55c5a1

  • SSDEEP

    12288:jFpuzZSkcBNrl5mTEUkDaSdJfpSaoNRVBUyMCe8VMM80B7qrI3iK1XBwZQo:jFmShDrngEUkDaiJfpSaoNRpMCe8CM8Z

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.