General

  • Target

    baf2e512ccbb9ea27627e8726afe7aaa34e19a0055326bc1b57a0ac56212c9bb

  • Size

    1.6MB

  • Sample

    241112-s8r7vsypem

  • MD5

    6cc03a26bb589a589161baebc8050290

  • SHA1

    2f96f255b2f905ab441931e66880965798ae83fb

  • SHA256

    baf2e512ccbb9ea27627e8726afe7aaa34e19a0055326bc1b57a0ac56212c9bb

  • SHA512

    11c240aef03f88951d3d44e4933a7cb675f16617b16c1f92699e46062283cbf9e479b56e1be49a12a5bcd27ab2a90e46e76de371d7bf14abd8aeeb1a4fba43f2

  • SSDEEP

    24576:4pLOet+FXyn5pGJd1GdQmw7dj6ypuNiTdjvPG4/:4pLnt+Fy+1GnAj4ipjnL/

Malware Config

Targets

    • Target

      baf2e512ccbb9ea27627e8726afe7aaa34e19a0055326bc1b57a0ac56212c9bb

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Blocklisted process makes network request

    • Adds Run key to start application
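
The "Adds Run key to start application" signature above corresponds to a registry write under a Run or RunOnce autostart key. The following is an added example of how that behaviour can be detected from host telemetry; it is not code from the sandbox or from the report, and it runs over constructed Sysmon Event ID 13 (registry value set) records laid out as flat `Key: value|Key: value` lines. The record layout, the file paths, the SID, and the `T1547.001` mapping to MITRE ATT&CK are assumptions made for the illustration.

```python
import re

# Added example: detection logic for a "Run key added" persistence signature,
# run over constructed Sysmon Event ID 13 records. Record format, paths and
# the ATT&CK mapping are assumptions, not data taken from the sandbox report.

# Autostart locations checked. The pattern matches literal backslashes in the
# TargetObject field, case-insensitively, for both the native and WOW64 views
# and for both Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)

# Directories in which a legitimately installed autostart target rarely lives;
# a Run value pointing here, or written by a process running from here, is
# scored higher.
SUSPICIOUS_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)

# Constructed sample records (assumed flat layout; real Sysmon events arrive as
# XML/EVTX and would be parsed into the same fields first).
SAMPLE_EVENTS = [
    r"EventID: 13|EventType: SetValue|Image: C:\Users\alice\AppData\Local\Temp\svchost.exe"
    r"|TargetObject: HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
    r"|Details: C:\Users\alice\AppData\Roaming\updater.exe",
    r"EventID: 13|EventType: SetValue|Image: C:\Program Files\Vendor\setup.exe"
    r"|TargetObject: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent"
    r'|Details: "C:\Program Files\Vendor\agent.exe" /tray',
    r"EventID: 13|EventType: SetValue|Image: C:\Windows\explorer.exe"
    r"|TargetObject: HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
    r"|Details: DWORD (0x00000001)",
    r"EventID: 12|EventType: CreateKey|Image: C:\Windows\regedit.exe"
    r"|TargetObject: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Foo",
]


def parse_record(line):
    """Split one flat record into a dict; values may themselves contain ':'."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def detect_run_key_persistence(lines):
    """Return one finding per Run/RunOnce value written by a SetValue event.

    Key creation alone (Event ID 12) is ignored: an autostart entry only
    exists once a value holding the command line has been set.
    """
    findings = []
    for line in lines:
        ev = parse_record(line)
        if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        details = ev.get("Details", "")
        image = ev.get("Image", "")
        suspicious = bool(
            SUSPICIOUS_DIR_RE.search(details) or SUSPICIOUS_DIR_RE.search(image)
        )
        hive = target.split("\\", 1)[0].upper()
        findings.append({
            "scope": "machine" if hive in ("HKLM", "HKEY_LOCAL_MACHINE") else "user",
            "value_name": target.rsplit("\\", 1)[-1],
            "command": details,
            "writer": image,
            "severity": "high" if suspicious else "low",
            "technique": "T1547.001",  # assumed ATT&CK mapping: Registry Run Keys
        })
    return findings


if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['scope']} Run value {f['value_name']!r} "
              f"-> {f['command']} (written by {f['writer']})")
```

Of the four constructed records, only the two SetValue writes under a Run key produce findings; the value written from a Temp directory to an AppData path is scored high, the vendor installer's entry under Program Files low, and the Explorer preference write and the bare CreateKey event are ignored.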

MITRE ATT&CK Enterprise v15

Tasks