Overview

overview

10

Static

static

3

74057e0026...ed.exe

windows7-x64

10

74057e0026...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74057e0026a76c45b6da0a5abe814dec50b52a5620219a72b4d69244faca2bed

  • Size

    2.0MB

  • Sample

    241103-szpelswra1

  • MD5

    f2de5959af0e1ace5581e125a633cb05

  • SHA1

    3b04d6911d69ddc2ff9840c5fd9d442a22ac1391

  • SHA256

    74057e0026a76c45b6da0a5abe814dec50b52a5620219a72b4d69244faca2bed

  • SHA512

    a36223e9b0f15c7217e9cef0e71f1d34c156b536ff19d800ea9cc5cc227055d76dd96d3af723c929d57a6633e3a6b0217d6f602a1b4c664b27fe68a29a2b006c

  • SSDEEP

    49152:AQZAdVyVT9n/Gg0P+WhoopePnf6zqgmnpeapeT:JGdVyVT9nOgmhaPieQvT

Score
10/10
gh0stratpurplefoxdiscoverypersistenceratrootkittrojanupx

Malware Config

Targets

    • Target

      74057e0026a76c45b6da0a5abe814dec50b52a5620219a72b4d69244faca2bed

    • Size

      2.0MB

    • MD5

      f2de5959af0e1ace5581e125a633cb05

    • SHA1

      3b04d6911d69ddc2ff9840c5fd9d442a22ac1391

    • SHA256

      74057e0026a76c45b6da0a5abe814dec50b52a5620219a72b4d69244faca2bed

    • SHA512

      a36223e9b0f15c7217e9cef0e71f1d34c156b536ff19d800ea9cc5cc227055d76dd96d3af723c929d57a6633e3a6b0217d6f602a1b4c664b27fe68a29a2b006c

    • SSDEEP

      49152:AQZAdVyVT9n/Gg0P+WhoopePnf6zqgmnpeapeT:JGdVyVT9nOgmhaPieQvT

    Score
    10/10
    gh0stratpurplefoxdiscoverypersistenceratrootkittrojanupx

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Purplefox family

      purplefox

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

      persistence

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks