General

  • Target

    9583698622f707bfbc778f1e158f30932408a4a63ff681c352104123a9226eb8

  • Size

    4.1MB

  • Sample

    250115-kzhcasxrct

  • MD5

    257e913fa3fd69040f3d2c49ee37be7b

  • SHA1

    982e7f93afc0a996a55b579357288f5c9853826e

  • SHA256

    9583698622f707bfbc778f1e158f30932408a4a63ff681c352104123a9226eb8

  • SHA512

    c8c8d9fb90362b4f8d75087c05cb8acf435a4fb6cd7554912782605b7dcc38ee421e72de46dad92a1e1132bc382ffd0625a7ea9df4e1d6b75942afae62ec37b4

  • SSDEEP

    98304:uws2ANnKXOaeOgmho0H5DUwmRu1O0TJQQqa:8KXbeO7O0xUXuY0dQQD

Targets

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Purplefox family

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
