General

  • Target

    ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132

  • Size

    4.6MB

  • Sample

    241115-qenw8svarf

  • MD5

    e380ec197850ecbb1d6fe33260dd35ef

  • SHA1

    60f04097d4e12a90755dbbc4dbedbb05fadacde9

  • SHA256

    ddbfb4731c0f87850f78ef9b89b1f70c2722e94ec6340311e37486e88437d132

  • SHA512

    74c27d4ab145de809f373235e8b69eb3b4b3b8f8e501d6b8d6c3293a26a9006892f214e5fe363022d84d5ccb3c510c461e90a63926f9b9618af04d2d47e39bb3

  • SSDEEP

    49152:8QZAdVyVT9n/Gg0P+WhoYbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHC4O8b8R:9GdVyVT9nOgmhXbXsPN5kiQaZ56

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks