General

  • Target

    44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8.exe

  • Size

    2.4MB

  • Sample

    241117-rhvpma1kew

  • MD5

    f21c945c5ee90cec90db66510778e5e7

  • SHA1

    132d5d653082303e0cc7afed09534e6a576cbb1b

  • SHA256

    44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8

  • SHA512

    2e30a1db393c5e351d153230c1f9f46ad6dd5bdb72d76590e0803bc8c2fa12b218b58422c55ebee678f9d94d704615806bca8aaa4565e704f58929802acf910f

  • SSDEEP

    49152:VQZAdVyVT9n/Gg0P+WhoqJlxAibBEZ1LWtBzkOW:OGdVyVT9nOgmhRlZOAy

Malware Config

Targets

    • Target

      44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8.exe

    • Size

      2.4MB

    • MD5

      f21c945c5ee90cec90db66510778e5e7

    • SHA1

      132d5d653082303e0cc7afed09534e6a576cbb1b

    • SHA256

      44b8da8971bf629350a4f15278b683094f417575e5fac8519e87236ab3a75bd8

    • SHA512

      2e30a1db393c5e351d153230c1f9f46ad6dd5bdb72d76590e0803bc8c2fa12b218b58422c55ebee678f9d94d704615806bca8aaa4565e704f58929802acf910f

    • SSDEEP

      49152:VQZAdVyVT9n/Gg0P+WhoqJlxAibBEZ1LWtBzkOW:OGdVyVT9nOgmhRlZOAy

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with a modified UPX build.
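The behavioural signatures above (files dropped into the Drivers and System32 directories, a service ImagePath written to the registry, the Terminal Services DLL technique) map onto a small set of host-telemetry checks. The Python below is an added example, not part of the sandbox report or any vendor's signature logic: it classifies Sysmon-style Event ID 11 (FileCreate) and Event ID 13 (RegistryValueSet) records. The events, the process image and the file and service names in it are constructed and hypothetical.

```python
import re
from typing import Dict, List

# Constructed, hypothetical Sysmon-style events (field names follow Sysmon:
# Event ID 11 = FileCreate, Event ID 13 = RegistryValueSet). Not taken from
# the report's sandbox run; process, file and service names are made up.
EVENTS: List[Dict[str, str]] = [
    {"EventID": "11", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\drvhost.sys"},
    {"EventID": "11", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\helper.dll"},
    {"EventID": "13", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\drvhost\ImagePath",
     "Details": r"\??\C:\Windows\System32\drivers\drvhost.sys"},
    {"EventID": "11", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\update.tmp"},
    {"EventID": "13", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\TermService\Parameters\ServiceDll",
     "Details": r"C:\Windows\System32\helper.dll"},
]

DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)
SYSTEM32_DIR = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)
SERVICE_IMAGEPATH = re.compile(r"\\Services\\([^\\]+)\\ImagePath$", re.IGNORECASE)
TERMSERVICE_DLL = re.compile(r"\\Services\\TermService\\Parameters\\ServiceDll$", re.IGNORECASE)


def classify(event: Dict[str, str]) -> List[str]:
    """Return the signature names a single event triggers (empty list if none)."""
    hits: List[str] = []
    if event.get("EventID") == "11":
        path = event.get("TargetFilename", "")
        # A write under drivers\ is reported as the more specific signature only.
        if DRIVERS_DIR.search(path):
            hits.append("Drops file in Drivers directory")
        elif SYSTEM32_DIR.search(path):
            hits.append("Drops file in System32 directory")
        # T1505.005: replacing termsrv.dll on disk is one form of the technique...
        if path.lower().endswith(r"\termsrv.dll"):
            hits.append("Server Software Component: Terminal Services DLL")
    elif event.get("EventID") == "13":
        target = event.get("TargetObject", "")
        match = SERVICE_IMAGEPATH.search(target)
        if match:
            hits.append(f"Sets service image path in registry ({match.group(1)})")
        # ...repointing TermService's ServiceDll value is the other.
        if TERMSERVICE_DLL.search(target):
            hits.append("Server Software Component: Terminal Services DLL")
    return hits


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each triggered signature to the process images that triggered it."""
    findings: Dict[str, List[str]] = {}
    for event in events:
        for hit in classify(event):
            findings.setdefault(hit, []).append(event.get("Image", "?"))
    return findings


if __name__ == "__main__":
    for signature, images in scan(EVENTS).items():
        print(f"{signature}: {sorted(set(images))}")
```

The ImagePath rule fires on any service, so in production it is paired with a process allow-list (installers and the Service Control Manager legitimately write it); the value in `Details` pointing into `drivers\` is what ties the registry event back to the earlier driver drop.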
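For the UPX packed file signature, a static look at the PE section table is usually how the verdict is reached. The Python below is an added example, not code from the report or from the UPX project: it parses the section headers, looks for UPX's stock section names and its "UPX!" magic, and measures per-section Shannon entropy so that a renamed ("modified UPX") build still stands out. The helpers build_min_pe(), packed_fixture() and plain_fixture() construct throwaway PE images for illustration; they are not real binaries and the section contents are synthetic.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# Section names UPX assigns by default; a modified UPX build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_THRESHOLD = 7.0  # bits/byte; compressed or encrypted data sits near 8


def sections(data: bytes) -> List[Tuple[bytes, bytes]]:
    """Parse just enough of a PE to return (section name, raw section bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # section table follows the optional header
    out = []
    for i in range(num_sections):
        hdr = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
        out.append((name, data[ptr_raw:ptr_raw + size_raw]))
    return out


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Collect the three indicators; high entropy alone is a hint, not a verdict."""
    secs = sections(data)
    return {
        "upx_section_names": [n.decode("ascii", "replace") for n, _ in secs if n in UPX_SECTION_NAMES],
        # UPX stores a "UPX!" magic in its pack header; the file offset varies by version.
        "upx_marker": b"UPX!" in data,
        "high_entropy_sections": [n.decode("ascii", "replace") for n, raw in secs
                                  if entropy(raw) > ENTROPY_THRESHOLD],
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or bool(ind["upx_marker"])


# --- constructed fixtures (not real binaries) --------------------------------

def build_min_pe(section_specs: List[Tuple[bytes, bytes]]) -> bytes:
    """Assemble a minimal, non-runnable PE32 image with the given (name, raw) sections."""
    e_lfanew, size_opt, align = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)  # PE32 magic, rest zeroed
    headers_len = e_lfanew + 4 + 20 + size_opt + 40 * len(section_specs)
    raw_ptr = (headers_len + align - 1) & ~(align - 1)
    table, body = b"", b""
    for name, raw in section_specs:
        # SizeOfRawData is left unrounded here; a linker would pad it to FileAlignment.
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0x1000, len(raw),
                             raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw + b"\0" * (-len(raw) % align)
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers + b"\0" * (raw_ptr - len(headers)) + body


def _filler(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for compressed code."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def packed_fixture() -> bytes:
    # UPX0 is typically an empty placeholder; UPX1 holds the compressed payload.
    return build_min_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + _filler(4096)), (b".rsrc", b"\0" * 64)])


def plain_fixture() -> bytes:
    return build_min_pe([(b".text", b"\x55\x8b\xec" + b"\x90" * 509), (b".data", b"hello\0" * 32)])


if __name__ == "__main__":
    for label, image in (("packed", packed_fixture()), ("plain", plain_fixture())):
        print(label, looks_upx_packed(image), upx_indicators(image))
```

Name and magic checks are cheap but trivially defeated by a rebuilt packer; the entropy column is what survives that, at the cost of also flagging legitimately compressed resources, which is why the sandbox reports packing as an indicator rather than a malicious verdict on its own.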

MITRE ATT&CK Enterprise v15

Tasks