General
-
Target
31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
-
Size
32KB
-
Sample
221012-r2gxwafghp
-
MD5
b1a76512bd2449210a38aad628f5e1a3
-
SHA1
e2d5c4629742a37579eba17c722fd8177ea4a410
-
SHA256
31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
-
SHA512
24f6d10f7110e6b4855e6410384bdca6b37fe47b98c5a4001faccb7b8817dd961b06dc4eac1ead4989782413aff942f1d4adb2b5f286a310cd9bfe355a5eb46b
-
SSDEEP
192:60hg42Nzd2GQ/0jqEtJ2KLNGEt2hoynrLEgH9e2tnwRmd8MFA93M3pkR:60CvNwRtONGThlNde2tnwwd5ASc
Malware Config
Targets
-
-
Target
31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
-
Size
32KB
-
MD5
b1a76512bd2449210a38aad628f5e1a3
-
SHA1
e2d5c4629742a37579eba17c722fd8177ea4a410
-
SHA256
31187424e25004f7580b8defbe516ab09a6e5a4eb9e39ab1721279c5ecce8399
-
SHA512
24f6d10f7110e6b4855e6410384bdca6b37fe47b98c5a4001faccb7b8817dd961b06dc4eac1ead4989782413aff942f1d4adb2b5f286a310cd9bfe355a5eb46b
-
SSDEEP
192:60hg42Nzd2GQ/0jqEtJ2KLNGEt2hoynrLEgH9e2tnwRmd8MFA93M3pkR:60CvNwRtONGThlNde2tnwwd5ASc
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UAC bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Suspicious use of SetThreadContext
-