General
-
Target
9ebc9d4412e2253c4b84d47dc089a197958228cfb03976f5003ffcb49baf111f
-
Size
611KB
-
Sample
221101-jarc8sabcp
-
MD5
6ef7cdd505f24cd5db3fbf92af9d8d1d
-
SHA1
23a4f46bb6f2c9aa97f9b946b8b7c36d1b38c376
-
SHA256
9ebc9d4412e2253c4b84d47dc089a197958228cfb03976f5003ffcb49baf111f
-
SHA512
9ca88902a5de60f11c65523168fb350048cdf75a11c653dd771dfc877437aa526f9a553c2ad0aa32951dc32ec0388de5b27fa9fe3ce3c73fddaf1ddf29c6e234
-
SSDEEP
12288:KhEceOnCN6/O58lF/5Do7xIMTY9kQqGatWN8I71tAe9lMJEmpFwrx6BpFpnQ:Kos/I8lFxDouQY+LQB1tqF0epFpQ
Static task
static1
Behavioral task
behavioral1
Sample
i.exe
Resource
win7-20220812-en
Malware Config
Targets
-
Target
i.exe
-
Size
3MB
-
MD5
365d7fdc34a8c57a60a4d1cd548e507b
-
SHA1
eb635b6e7fa6fe1e3a83026fd47c87bc78753006
-
SHA256
cf2667a5f76796a5ccc9995582737765e20eaf53b70b3688885974877f1d2d75
-
SHA512
ca7e0f0c3aa1034b90bb613908eac6f1aeb443b5dccb4c0c5d315747baa2843b67cfee3ae020c68c9a7cd7e9f197a5a870936f382c1e252aa12333396e403bf2
-
SSDEEP
12288:ny4zXZXBJ+LgSRQTy3pFjIwUOIojNoEFjwqIHGRGvFvaPw+3Y12wW:vrJ+LgTTy3pFjIwUOPVFjv8dvaPNI4D
-
Gh0st RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.