General
-
Target
2f720e00e867cdcf85d25d8e376d1b84.exe
-
Size
15.0MB
-
Sample
221014-p3gx6adea8
-
MD5
2f720e00e867cdcf85d25d8e376d1b84
-
SHA1
c908a940f494ef225b07e4357ee073b9b9d31937
-
SHA256
0a06a6d30c526cbc7cf06800d016d00aed30e37f549629086a98e2a1b6500d17
-
SHA512
aad356187eeeaf2043b66e9ceeb08a6cf8cbaf5719870f69f5e9dfbb8797653fb213d436bd0507ae79b54ac896d448c758899f072cc3c76c73ecced50f540130
-
SSDEEP
393216:YnCvTMWhNK1p2xDO1S205Wn57MPmnVsgWCLT1MT3Re0gyf28oo:YCvz412C3n5ciVsgWGqLRbgy+Po
Malware Config
Targets
-
-
Target
2f720e00e867cdcf85d25d8e376d1b84.exe
-
Size
15.0MB
-
MD5
2f720e00e867cdcf85d25d8e376d1b84
-
SHA1
c908a940f494ef225b07e4357ee073b9b9d31937
-
SHA256
0a06a6d30c526cbc7cf06800d016d00aed30e37f549629086a98e2a1b6500d17
-
SHA512
aad356187eeeaf2043b66e9ceeb08a6cf8cbaf5719870f69f5e9dfbb8797653fb213d436bd0507ae79b54ac896d448c758899f072cc3c76c73ecced50f540130
-
SSDEEP
393216:YnCvTMWhNK1p2xDO1S205Wn57MPmnVsgWCLT1MT3Re0gyf28oo:YCvz412C3n5ciVsgWGqLRbgy+Po
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Drops file in System32 directory
-