General

  • Target

    d2a9a39d84763ffc0b0c57dcfaafe7439a50902e307107dc2a70354d04559004

  • Size

    491KB

  • Sample

    241207-nbxnvswjem

  • MD5

    4d02d507c92aa0b0a7ad9b8c215bb41c

  • SHA1

    2a5b27d0c34db285565ca07816f2912fe3db24ff

  • SHA256

    d2a9a39d84763ffc0b0c57dcfaafe7439a50902e307107dc2a70354d04559004

  • SHA512

    e2d6783d1423351581f243e1018825970d48345043a19ba5c88322824847e37453364f685b7b55de41d3e50bc7408b79c496781e19965f878401246b5d0d46c0

  • SSDEEP

    6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2RG6lZv:oDR+u8pfjYMMWNvdhUSByFPz8v

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, used to distribute other malware families.

    • Purplefox family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks