General
-
Target
1d329207cc0e0ae6649dfa5ae77f3a70c67e2a3a0d1ef5a609c937deac271cf4
-
Size
28KB
-
Sample
220930-yzwftaffbq
-
MD5
c1101555cb3e0f55bf293caf6ec27034
-
SHA1
7c44a04dfc1b1ca839044f51b7cec7f918544451
-
SHA256
1d329207cc0e0ae6649dfa5ae77f3a70c67e2a3a0d1ef5a609c937deac271cf4
-
SHA512
b44cbcf8541951834180e77f26e45032937270b87548d2d215b796895057245adbb4ddbfd9ea08e1b85f2f22b9d3f9dfd6987eb3fc2796453bc9a9d202762083
-
SSDEEP
192:QqNKGqvO5JaE9LhHBdb9E9ZhoynJLNgH9Sa2tZch4s9GRmd8MFA93M3pkR:kPEhhdb9whD+d/2tQ4s9Gwd5ASc
Malware Config
Targets
-
-
Target
1d329207cc0e0ae6649dfa5ae77f3a70c67e2a3a0d1ef5a609c937deac271cf4
-
Size
28KB
-
MD5
c1101555cb3e0f55bf293caf6ec27034
-
SHA1
7c44a04dfc1b1ca839044f51b7cec7f918544451
-
SHA256
1d329207cc0e0ae6649dfa5ae77f3a70c67e2a3a0d1ef5a609c937deac271cf4
-
SHA512
b44cbcf8541951834180e77f26e45032937270b87548d2d215b796895057245adbb4ddbfd9ea08e1b85f2f22b9d3f9dfd6987eb3fc2796453bc9a9d202762083
-
SSDEEP
192:QqNKGqvO5JaE9LhHBdb9E9ZhoynJLNgH9Sa2tZch4s9GRmd8MFA93M3pkR:kPEhhdb9whD+d/2tQ4s9Gwd5ASc
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UAC bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Suspicious use of SetThreadContext
-