General

  • Target

    1418bdd8e40e203b71684a9b549be5b2106552a07ede9b0b997012cb7831a9f8

  • Size

    491KB

  • Sample

    241211-xcpt3synbm

  • MD5

    8e58d477356f3f151e1a89f7b8c6d727

  • SHA1

    5218fb9e3a6862a5fb8b82e3366c34d487215a25

  • SHA256

    1418bdd8e40e203b71684a9b549be5b2106552a07ede9b0b997012cb7831a9f8

  • SHA512

    4af078a3b87678700c2286994bf7deff7e239dd7a8e66993d315e44f77895ec1ce8c69f4dfbee9a5444a9965e1f794dec5372db0a69a8ba853b923626adc6c54

  • SSDEEP

    6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2RU6lZv:oDR+u8pfjYMMWNvdhUSByFPz+v

Malware Config

Targets

    • Target

      1418bdd8e40e203b71684a9b549be5b2106552a07ede9b0b997012cb7831a9f8

    • Size

      491KB

    • MD5

      8e58d477356f3f151e1a89f7b8c6d727

    • SHA1

      5218fb9e3a6862a5fb8b82e3366c34d487215a25

    • SHA256

      1418bdd8e40e203b71684a9b549be5b2106552a07ede9b0b997012cb7831a9f8

    • SHA512

      4af078a3b87678700c2286994bf7deff7e239dd7a8e66993d315e44f77895ec1ce8c69f4dfbee9a5444a9965e1f794dec5372db0a69a8ba853b923626adc6c54

    • SSDEEP

      6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2RU6lZv:oDR+u8pfjYMMWNvdhUSByFPz+v

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Deletes itself

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

MITRE ATT&CK Enterprise v15

Tasks