General
-
Target
c95bfa90e6d944194b787fc2bea69f1c5bf8e6acb2968442b1e132373d981306
-
Size
28KB
-
Sample
221005-z2xmbsfhfk
-
MD5
2609d2fe1548df223db36557c0da7be9
-
SHA1
04ed4ab181abf1fe593d861a3a80e81890b55182
-
SHA256
c95bfa90e6d944194b787fc2bea69f1c5bf8e6acb2968442b1e132373d981306
-
SHA512
9f71824a85c4cdc7fefde91f797bf7017ec648726e82a009c52334ab2aa5c6b6209fbfb2d677439d3674383e9755aedfedbb566acdb6f793d18105ec00b9b715
-
SSDEEP
192:XpVH9RnW5JKaEVDVE4WMdb9EVRhoynQLdgH9C2tNVRmd8MFA93M3pkR:XEo9WMdb9khumdC2tNVwd5ASc
Malware Config
Targets
-
-
Target
c95bfa90e6d944194b787fc2bea69f1c5bf8e6acb2968442b1e132373d981306
-
Size
28KB
-
MD5
2609d2fe1548df223db36557c0da7be9
-
SHA1
04ed4ab181abf1fe593d861a3a80e81890b55182
-
SHA256
c95bfa90e6d944194b787fc2bea69f1c5bf8e6acb2968442b1e132373d981306
-
SHA512
9f71824a85c4cdc7fefde91f797bf7017ec648726e82a009c52334ab2aa5c6b6209fbfb2d677439d3674383e9755aedfedbb566acdb6f793d18105ec00b9b715
-
SSDEEP
192:XpVH9RnW5JKaEVDVE4WMdb9EVRhoynQLdgH9C2tNVRmd8MFA93M3pkR:XEo9WMdb9khumdC2tNVwd5ASc
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UAC bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Suspicious use of SetThreadContext
-