General

  • Target

    dd87c86eec4422ee0738d05826836f4917b9054f34166548f42fcd76558c4623

  • Size

    2.6MB

  • Sample

    241228-hs9f4axjhn

  • MD5

    22a892c12be151613bbd83dee8b80b92

  • SHA1

    186d460bf577d12603810dd8db096a6a7ec741b7

  • SHA256

    dd87c86eec4422ee0738d05826836f4917b9054f34166548f42fcd76558c4623

  • SHA512

    6f60425b90db041a898e8add6edb039e3de1b82883226b740bde61def8e75940e04567e024f6cf29ddcb4a6869eb0432ba1994b5c53d2303188fe47051cb43cc

  • SSDEEP

    49152:OCwsbCANnKXferL7Vwe/Gg0P+WhIsABTuk:pws2ANnKXOaeOgmhI1BTuk

Malware Config

Targets

    • Target

      dd87c86eec4422ee0738d05826836f4917b9054f34166548f42fcd76558c4623

    • Size

      2.6MB

    • MD5

      22a892c12be151613bbd83dee8b80b92

    • SHA1

      186d460bf577d12603810dd8db096a6a7ec741b7

    • SHA256

      dd87c86eec4422ee0738d05826836f4917b9054f34166548f42fcd76558c4623

    • SHA512

      6f60425b90db041a898e8add6edb039e3de1b82883226b740bde61def8e75940e04567e024f6cf29ddcb4a6869eb0432ba1994b5c53d2303188fe47051cb43cc

    • SSDEEP

      49152:OCwsbCANnKXferL7Vwe/Gg0P+WhIsABTuk:pws2ANnKXOaeOgmhI1BTuk

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.