General

  • Target

    13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68

  • Size

    1.3MB

  • Sample

    241211-wrqt9axrbm

  • MD5

    7b73e46389fbff427059ee9d6691a7c1

  • SHA1

    f449327faa3f233a9e3b98e2b27a7eedc670748e

  • SHA256

    13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68

  • SHA512

    e8a21d04b1ab2c82c3416b26ee94360bcce13e55cbbd0f973bf1f83b3e069c155365538677c1356bf3ea114418a0e89077b0c2b1f8ab2b5d0560ba2fe13a74db

  • SSDEEP

    24576:JOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNrJ:EHPkVOBTKd

Malware Config

Targets

    • Target

      13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68

    • Size

      1.3MB

    • MD5

      7b73e46389fbff427059ee9d6691a7c1

    • SHA1

      f449327faa3f233a9e3b98e2b27a7eedc670748e

    • SHA256

      13865fc1b24aba80c30a353b9a707bde93e5cfa8097b2bbcc3a5e158cac45e68

    • SHA512

      e8a21d04b1ab2c82c3416b26ee94360bcce13e55cbbd0f973bf1f83b3e069c155365538677c1356bf3ea114418a0e89077b0c2b1f8ab2b5d0560ba2fe13a74db

    • SSDEEP

      24576:JOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNrJ:EHPkVOBTKd

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks