General
-
Target
f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
-
Size
441KB
-
Sample
220913-k326wafbe5
-
MD5
28b46ec57a5718f69d3d4f6be0734bff
-
SHA1
33f3969772bb028973142b53df2ab4bf665cc9f8
-
SHA256
f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
-
SHA512
da054bf34e54fb89fb280ce32966b21c37563231b3e23d9c92e38ae2b524fedd799ebb6ec4cba4b110ad90738f085cae7349fdfd6591b39f1f78fa14ef887456
-
SSDEEP
12288:ivk20fZkckJ+bFw3qlne22jdMuYeqWuC7kqL:sP0fZ+Juln5AMuk
Behavioral task
behavioral1
Sample
f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd.dll
Resource
win10v2004-20220812-en
Malware Config
Extracted
joker
https://feichina.oss-cn-hongkong.aliyuncs.com
Targets
-
-
Target
f01423868e8cfd624a899be442880d06bc0d30dff43b8a104276ea5400fe75fd
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-