General

  • Target

    0861964bb9167b631b1f21f54f31072353d148188e92b25adc7437f33d2d1ea5.msi.vir

  • Size

    44.6MB

  • Sample

    241115-gmhkratldn

  • MD5

    a4d9f86c09bef236ea991b8801af8ebf

  • SHA1

    dd7f0c051958471cd01005544f43a61323e7f108

  • SHA256

    0861964bb9167b631b1f21f54f31072353d148188e92b25adc7437f33d2d1ea5

  • SHA512

    75f31cb0b4b26b2c255f6029625928fed21170cf7e82e07b186f9978884659336d6201769d4cd345eb1c41c61eab884a16149d92bea5dec5e16dae1c4da4bb56

  • SSDEEP

    786432:ozXyL7usprI6tyioiFbiOHwWNHwKlyU0yBtmFFfNGdzRAK1uJMXGkd9hCvytof/H:Ki2sUUWOHwWnv0yTmFdNG4KxxCKWX33

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks