General
-
Target
PPPPPPPPPPPPPPP
-
Size
60KB
-
Sample
221101-an6kmsfdgl
-
MD5
94406fab156e3ed962899d6a473683c5
-
SHA1
08ef787ee7264e87abdb1933102ae94a8056a587
-
SHA256
422c3df285fbd86303eb0448583550d7584a330095c60ada442cb1beb97cf670
-
SHA512
c5ae7834d4722e7ca702258203f718a00403d76455cfe5e75743f116a4bd0c37ec33dcf89c6f779e8247519ae65e12523fe6bc7aede28a360fbf4687e1b2bba2
-
SSDEEP
768:DlH3iOcmCQkUF7Q3n8Q37RGC5fBPcKX0hT6tUTNtg3333rIX72s2H3eI2:DlHyOcmCD27c8oN5JPcQQhg3333rdX9
Malware Config
Targets
-
-
Target
PPPPPPPPPPPPPPP
-
Size
60KB
-
MD5
94406fab156e3ed962899d6a473683c5
-
SHA1
08ef787ee7264e87abdb1933102ae94a8056a587
-
SHA256
422c3df285fbd86303eb0448583550d7584a330095c60ada442cb1beb97cf670
-
SHA512
c5ae7834d4722e7ca702258203f718a00403d76455cfe5e75743f116a4bd0c37ec33dcf89c6f779e8247519ae65e12523fe6bc7aede28a360fbf4687e1b2bba2
-
SSDEEP
768:DlH3iOcmCQkUF7Q3n8Q37RGC5fBPcKX0hT6tUTNtg3333rIX72s2H3eI2:DlHyOcmCD27c8oN5JPcQQhg3333rdX9
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UAC bypass
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation