General
-
Target
0cf208976a34f0aea8b7e24ea85c9064c3b16d9b24b0aa5888abe731d73894e9
-
Size
4.8MB
-
Sample
221019-a6yyhsecg9
-
MD5
dcdb623497b583b36b239996161ef859
-
SHA1
c174b8430d5a410e7d5d4ce858653b9d83cd5323
-
SHA256
0cf208976a34f0aea8b7e24ea85c9064c3b16d9b24b0aa5888abe731d73894e9
-
SHA512
12754b77e1151dc4ff9d62ef909bf07d7b9bbe3d0046d174943aa57e77cfbdf4c0f16b044cbe79af56898174f310e08f86d050edb6f1105e1d36f378894d1aab
-
SSDEEP
98304:kGdVyVT9nOgmhIsSAfIqtpS6Z2OdAwFhHZOhJgMze4oZqxakhL:bWT9nO7gAfjtpSMAwFh5MaZqw0
Malware Config
Targets
-
-
Target
0cf208976a34f0aea8b7e24ea85c9064c3b16d9b24b0aa5888abe731d73894e9
-
Size
4.8MB
-
MD5
dcdb623497b583b36b239996161ef859
-
SHA1
c174b8430d5a410e7d5d4ce858653b9d83cd5323
-
SHA256
0cf208976a34f0aea8b7e24ea85c9064c3b16d9b24b0aa5888abe731d73894e9
-
SHA512
12754b77e1151dc4ff9d62ef909bf07d7b9bbe3d0046d174943aa57e77cfbdf4c0f16b044cbe79af56898174f310e08f86d050edb6f1105e1d36f378894d1aab
-
SSDEEP
98304:kGdVyVT9nOgmhIsSAfIqtpS6Z2OdAwFhHZOhJgMze4oZqxakhL:bWT9nO7gAfjtpSMAwFh5MaZqw0
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Drops file in System32 directory
-