General

  • Target

    252115f874019044de7f7ebd36067537ab1e65b51ab771ec447b073fd9d6045d.msi.vir

  • Size

    135.9MB

  • Sample

    241109-v8anxsyfnh

  • MD5

    9bb81bdc5e28a397f25617a22b9e157d

  • SHA1

    e9e78c22ff047b35c2a6691295a9df62de203df0

  • SHA256

    252115f874019044de7f7ebd36067537ab1e65b51ab771ec447b073fd9d6045d

  • SHA512

    dc5678fd1441a5b65792f16ffc64694029f2b70dabcb4d54908121c2267d0f34b4de83d951a656267c80e288d9b0b0030d42572a7782d45762427be07c61483d

  • SSDEEP

    3145728:9QlSw/0KksfWneWVr6/4J3DYgxqmz8CZCLLURIq3MmzJPeHeZ:GlSw/7ksOneWVm/CDYddLYIcMeZ

Malware Config

Targets

    • Target

      252115f874019044de7f7ebd36067537ab1e65b51ab771ec447b073fd9d6045d.msi.vir

    • Size

      135.9MB

    • MD5

      9bb81bdc5e28a397f25617a22b9e157d

    • SHA1

      e9e78c22ff047b35c2a6691295a9df62de203df0

    • SHA256

      252115f874019044de7f7ebd36067537ab1e65b51ab771ec447b073fd9d6045d

    • SHA512

      dc5678fd1441a5b65792f16ffc64694029f2b70dabcb4d54908121c2267d0f34b4de83d951a656267c80e288d9b0b0030d42572a7782d45762427be07c61483d

    • SSDEEP

      3145728:9QlSw/0KksfWneWVr6/4J3DYgxqmz8CZCLLURIq3MmzJPeHeZ:GlSw/7ksOneWVm/CDYddLYIcMeZ

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks