General

  • Target

    7d605778879fe4f049022d626625f93860c60db89e58802b108dfadb3b0ce683

  • Size

    491KB

  • Sample

    241224-ellvns1phn

  • MD5

    d4a3ce48cefcad6ef68222189195adb5

  • SHA1

    fba76b5c3190e8cca9ce9c42620195fe9ba0e30d

  • SHA256

    7d605778879fe4f049022d626625f93860c60db89e58802b108dfadb3b0ce683

  • SHA512

    e3fd2fc09dc3f33bfb4f1a76010b4fc79d880acd6ca701a2d10f4fe36f4289450f49b78bb012ddc9331772207b5c759192396811e4e3b3ffb61e2a4c72caedb7

  • SSDEEP

    6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2Re6lZv:oDR+u8pfjYMMWNvdhUSByFPzAv
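Before acting on this report, confirm that the file in hand is the same sample it describes: all four digests listed above must agree, not just the one you happened to search by. The script below is an added example, not part of the sandbox report; it embeds the MD5/SHA1/SHA256/SHA512 values from this page, streams a file through all four hashes in one pass, and reports per-algorithm matches. The `sample.bin` path in the usage block is a placeholder for wherever you stored the sample.

```python
import hashlib
import sys

# Digests copied from the "General" section of the report above.
REPORTED = {
    "md5": "d4a3ce48cefcad6ef68222189195adb5",
    "sha1": "fba76b5c3190e8cca9ce9c42620195fe9ba0e30d",
    "sha256": "7d605778879fe4f049022d626625f93860c60db89e58802b108dfadb3b0ce683",
    "sha512": (
        "e3fd2fc09dc3f33bfb4f1a76010b4fc7"
        "9d880acd6ca701a2d10f4fe36f428945"
        "0f49b78bb012ddc9331772207b5c7591"
        "92396811e4e3b3ffb61e2a4c72caedb7"
    ),
}


def digest_bytes(data):
    """Hash an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashes at once (single read pass)."""
    hashes = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def compare(found, expected=REPORTED):
    """Per-algorithm match flags. Anything short of all True means the file
    on disk is not the sample this report analysed (or was altered)."""
    return {name: found.get(name, "").lower() == value
            for name, value in expected.items()}


def is_reported_sample(path):
    """True only when every listed digest matches."""
    return all(compare(digest_file(path)).values())


if __name__ == "__main__":
    # Usage: python check_sample.py sample.bin   (path is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "sample.bin"
    result = compare(digest_file(target))
    for name, ok in result.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A partial match (for example MD5 agrees but SHA256 does not) should be treated as a different file, not as a rounding error: MD5 and SHA1 collisions are cheap enough that two artifacts can share one weak digest by design.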

Malware Config

Targets

    • Target

      7d605778879fe4f049022d626625f93860c60db89e58802b108dfadb3b0ce683

    • Size

      491KB

    • MD5

      d4a3ce48cefcad6ef68222189195adb5

    • SHA1

      fba76b5c3190e8cca9ce9c42620195fe9ba0e30d

    • SHA256

      7d605778879fe4f049022d626625f93860c60db89e58802b108dfadb3b0ce683

    • SHA512

      e3fd2fc09dc3f33bfb4f1a76010b4fc79d880acd6ca701a2d10f4fe36f4289450f49b78bb012ddc9331772207b5c759192396811e4e3b3ffb61e2a4c72caedb7

    • SSDEEP

      6144:GpoMkequERu8qQ1fjYMMW9eKZH+IdISTUL24qL9cPKcPzR2Re6lZv:oDR+u8pfjYMMWNvdhUSByFPzAv

    • Detect PurpleFox Rootkit

      Signature match for the PurpleFox rootkit component.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese threat groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
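The "UPX packed file" signature above is a static check on the PE layout rather than on behaviour. The sandbox's own rule is not reproduced on this page; the script below is an added example that reimplements the common indicators a triage analyst would look for: section names beginning with `UPX`, the `UPX!` marker string, and the structural tell that survives renaming (a first section with a large virtual size but zero bytes on disk, which is where UPX unpacks into). The `build_pe` helper fabricates minimal, non-runnable PE images so the parser can be exercised offline; the section sizes in it are constructed, not taken from this sample.

```python
import struct
from dataclasses import dataclass

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    characteristics: int


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_header_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_header_size
    sections = []
    for i in range(num_sections):
        (name, vsize, _vaddr, rsize, _rptr, _rel, _lin, _nrel, _nlin,
         chars) = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * 40)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, rsize, chars))
    return sections


def upx_indicators(data):
    """Return each UPX tell separately so an analyst can see *why* it fired."""
    sections = parse_sections(data)
    names = [s.name for s in sections]
    result = {
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
        # UPX0 holds the unpacked image: big in memory, nothing on disk.
        # This survives a packer that has been patched to rename sections.
        "empty_first_section": (len(sections) > 0
                                and sections[0].raw_size == 0
                                and sections[0].virtual_size > 0),
    }
    result["likely_upx"] = any(result.values())
    return result


def build_pe(sections, trailer=b""):
    """Fabricate a minimal PE32 image (headers + section table only) for testing.
    sections: list of (name, virtual_size, raw_size). Constructed data."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytes([0x0B, 0x01]) + b"\0" * (opt_size - 2)  # PE32 magic 0x10B
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, name.encode().ljust(8, b"\0"),
                    vsize, 0x1000, rsize, 0, 0, 0, 0, 0, 0xE0000020)
        for name, vsize, rsize in sections)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + opt + table + trailer


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7000),
                       (".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
    renamed = build_pe([(".abc", 0x20000, 0), (".def", 0x8000, 0x7000)])
    plain = build_pe([(".text", 0x1000, 0x1000), (".data", 0x400, 0x200)])
    for label, img in (("stock UPX", packed), ("renamed", renamed), ("plain", plain)):
        print(label, upx_indicators(img))
```

The three indicators are deliberately kept apart: a hit on `upx_section_names` or `upx_marker` alone means stock UPX and the file can usually be unpacked with `upx -d`, whereas `empty_first_section` firing on its own points at a modified UPX (renamed sections, patched marker) that the standard tool will refuse, so the sample has to be dumped from memory instead.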

MITRE ATT&CK Enterprise v15

Tasks