General

  • Target

    62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1

  • Size

    248KB

  • Sample

    241031-kcbk8svcra

  • MD5

    dc38da17b0f0cc99f4831aba153bb28b

  • SHA1

    b756ef1b0369e0822ed248363ae6c577d53a7834

  • SHA256

    62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1

  • SHA512

    2c5349b9555c7ddaa300652173eef422fdcfbe464b8f8fca9e2ac53088d860eb996c763506d8ca1fef9ae9a0fb4d9574c6faf164050deb8f27646607f1699f8c

  • SSDEEP

    3072:whLXC/6ZxsIDrok7gJWyzebqkqNKktNXBPmaoTZ2xZS21+GCI2ekEbkAsH3mYBoj:whL46Z6IDvgJM5QmahxZS2EGCtr3X7F

Malware Config

Targets

    • Target

      62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1

    • Size

      248KB

    • MD5

      dc38da17b0f0cc99f4831aba153bb28b

    • SHA1

      b756ef1b0369e0822ed248363ae6c577d53a7834

    • SHA256

      62856958c7571eacf182e9b38f59189d7681ac39513fe3d3778f4b0be4e6ede1

    • SHA512

      2c5349b9555c7ddaa300652173eef422fdcfbe464b8f8fca9e2ac53088d860eb996c763506d8ca1fef9ae9a0fb4d9574c6faf164050deb8f27646607f1699f8c

    • SSDEEP

      3072:whLXC/6ZxsIDrok7gJWyzebqkqNKktNXBPmaoTZ2xZS21+GCI2ekEbkAsH3mYBoj:whL46Z6IDvgJM5QmahxZS2EGCtr3X7F

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks