General

  • Target

    690fb3bf8ff907b783d63ca6af42e316ae23e46628283db80a126f1f9d1b9763

  • Size

    1.9MB

  • Sample

    241206-3dkveatkgy

  • MD5

    68fc45aaf9a045a9aa917d74c89ee382

  • SHA1

    fc14d97e73f6831ec796f9652d4d01042b2027de

  • SHA256

    690fb3bf8ff907b783d63ca6af42e316ae23e46628283db80a126f1f9d1b9763

  • SHA512

    84e0e1c75456db2c80e4af4620f7ff3b9bb90b6891d4a87de8ed9ec79f6bf331209559ff0f442ef475c0a4add12fdf387dd5bee375e125573c4017a4dcb57c1e

  • SSDEEP

    49152:TQZAdVyVT9n/Gg0P+WhoPpeG0ZPItx2apeapelI:UGdVyVT9nOgmhHMtUvlI

Malware Config

Targets

    • Target

      690fb3bf8ff907b783d63ca6af42e316ae23e46628283db80a126f1f9d1b9763

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks