General

  • Target

    b1ee022018659be07cb0abae6117e5946990929b28a679082e7efe8f2d3a035a

  • Size

    1.8MB

  • Sample

    241231-c6qy1szncn

  • MD5

    36ad15208c64a440d133199c3587be96

  • SHA1

    67528b072c1ea62372ac75b73c175fa59e598fc7

  • SHA256

    b1ee022018659be07cb0abae6117e5946990929b28a679082e7efe8f2d3a035a

  • SHA512

    b12cb45b85b16f29b13caae43b496dcbd8ce97b67e0539bc0d81ab241704d9fab441d926313bf3b95df66e8be132b8424c6b98c188366c88986982af46d4486b

  • SSDEEP

    24576:cQZoidOTdVZinacCET9Ecl1erdg0MCiVWhFU7cV6aDILUsWAsp:cQZAdVyVT9n/Gg0P+WhogD4Fk

Malware Config

Targets

    • Target

      b1ee022018659be07cb0abae6117e5946990929b28a679082e7efe8f2d3a035a

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
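The signatures above are the sandbox's own rules and their logic is not shown on the page. As an added example (not tria.ge code and not derived from this sample), the script below re-derives two classes of them from raw artifacts: a minimal PE section-header parser that flags UPX section names (a heuristic only, since a modified UPX build can rename its sections), and a rule evaluator for the behavioural signatures "Drops file in Drivers directory", "Sets service image path in registry", "Executes dropped EXE", "Loads dropped DLL" and "Drops file in System32 directory", run over a constructed event list. The event schema (`file_write`, `reg_set`, `process_create`, `image_load`) and every path and file name in it are assumptions made up for the example.

```python
import re
import struct
from collections import OrderedDict

# ---- Part 1: UPX section-name heuristic over a PE image ----------------------

def pe_section_names(data):
    """Return the section names of a PE image, or [] if the bytes are not a PE.
    Walks DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                             # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def is_upx_packed(data):
    """Heuristic: stock UPX names its sections UPX0/UPX1/UPX2. Renamed sections evade this."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))

def build_pe(section_names):
    """Construct a minimal, non-executable PE skeleton with the given section names
    (test fixture only; the optional header is omitted, SizeOfOptionalHeader = 0)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)             # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    body = b"PE\0\0" + coff
    for name in section_names:
        body += name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
    return bytes(hdr) + body

# ---- Part 2: behavioural rules over constructed sandbox events ---------------

DRIVERS_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
IMAGEPATH_RE = re.compile(
    r"^hklm\\system\\(currentcontrolset|controlset\d{3})\\services\\[^\\]+\\imagepath$", re.I)

RULES = (
    "Drops file in Drivers directory",
    "Sets service image path in registry",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Drops file in System32 directory",
)

def evaluate(events):
    """Return the names of the rules that fire, in RULES order.
    'Dropped' means the sample itself wrote the file earlier in the trace."""
    hits = OrderedDict((r, False) for r in RULES)
    dropped = set()
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if DRIVERS_RE.match(path):
                hits["Drops file in Drivers directory"] = True
            if SYSTEM32_RE.match(path):
                hits["Drops file in System32 directory"] = True
        elif op == "reg_set" and IMAGEPATH_RE.match(ev["key"]):
            hits["Sets service image path in registry"] = True
        elif op == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"] = True
        elif op == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits["Loads dropped DLL"] = True
    return [name for name, fired in hits.items() if fired]

# Constructed trace (assumed names, not observations from the sample on this page).
SAMPLE_EVENTS = [
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"op": "file_write", "path": r"C:\Windows\System32\drivers\dropped.sys"},
    {"op": "file_write", "path": r"C:\Windows\System32\helper.dll"},
    {"op": "reg_set", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\dropped\ImagePath",
     "value": r"\??\C:\Windows\System32\drivers\dropped.sys"},
    {"op": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"op": "image_load", "image": r"C:\Windows\System32\helper.dll"},
]

if __name__ == "__main__":
    print("UPX sections:", is_upx_packed(build_pe(["UPX0", "UPX1", ".rsrc"])))
    for rule in evaluate(SAMPLE_EVENTS):
        print("fired:", rule)
```

Both halves deliberately key on the cheapest evidence (section names, path prefixes, a registry key pattern), which is why sandbox signatures of this kind are noisy: a legitimate driver installer also writes to `System32\drivers` and sets an `ImagePath`, so the value of this report is the combination of these behaviours with the family-specific PurpleFox and Gh0st RAT detections, not any single rule.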

MITRE ATT&CK Enterprise v15