General
-
Target
tmp
-
Size
1.3MB
-
Sample
220812-p3rgladdal
-
MD5
46de82693e684cc16820fc4d41a96444
-
SHA1
35c287a3184e7a687e4cff9f792a96583dacb0fe
-
SHA256
5a6211c06b54cad0b668568a941f9d903fc68c41125d388b5ab1bfb189920add
-
SHA512
7d3ef9bf980347e5d4126ed84da8154a15f4dfd324c9838fbad5a8198cf2bd75b8b415f94422b4b00e5bda0ab223fd805b244c7185f5535efc089b4835a0876e
Malware Config
Targets
-
-
Target
tmp
-
Size
1.3MB
-
MD5
46de82693e684cc16820fc4d41a96444
-
SHA1
35c287a3184e7a687e4cff9f792a96583dacb0fe
-
SHA256
5a6211c06b54cad0b668568a941f9d903fc68c41125d388b5ab1bfb189920add
-
SHA512
7d3ef9bf980347e5d4126ed84da8154a15f4dfd324c9838fbad5a8198cf2bd75b8b415f94422b4b00e5bda0ab223fd805b244c7185f5535efc089b4835a0876e
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-