General

  • Target

    330d12374766f7151ce5645e5f4d93764f0039c1e1bb27c6798aa604f72e33a1

  • Size

    1.8MB

  • Sample

    241206-3kft2azmcp

  • MD5

    02c753d0b2975c8c062b432153c85c1b

  • SHA1

    7adb1a8bfb80f9926e832aee8808cf05ecc2704a

  • SHA256

    330d12374766f7151ce5645e5f4d93764f0039c1e1bb27c6798aa604f72e33a1

  • SHA512

    9dcf4e847c57fb0c6dc09d665e1ff6897daaf3d66751ad6adf02a0e80c855e6bb31f56579dddd671ffe328e30e71166aa30673b52756590ce80953e74d9b2047

  • SSDEEP

    24576:FQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cVfIFbB0XA0tIF6yjFq70:FQZAdVyVT9n/Gg0P+WhonbOK6E

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
