General

  • Target

    fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d.msi.vir

  • Size

    242.2MB

  • Sample

    241115-e3ykssylay

  • MD5

    4393f1aeb2effbba1df28ca5057e2182

  • SHA1

    ca2985c1f08350363b1b62756035b2982b787ab6

  • SHA256

    fd6e356f17c7db639084ea710174ed0c4ca6c43cc701525f855f241653d47e2d

  • SHA512

    3e655488342b8be0038049b8193da42481c4c2a868ca613f311095d656539d35f01c865a7cb44eb7227ca1ae1ad5b63199a6ba84644dd26506ce6256638d5ed7

  • SSDEEP

    6291456:oLKBfaA+iLH02im/1aOUiWuXsiHDqzGw4w:oLWfadiL1B/1/UZucfzT4

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
