General
-
Target
717735cf8936daeecd12f694691829fb0490450784e20bed99fc09c3814a957a
-
Size
420KB
-
Sample
221103-zq55bsfah5
-
MD5
3265ada4c9107a76c5399c6c5a6264c9
-
SHA1
600a2885904818ad7ac6ae81712ec785cfd27dce
-
SHA256
717735cf8936daeecd12f694691829fb0490450784e20bed99fc09c3814a957a
-
SHA512
eae837c8be00968dcaf389eff1a4a1a6dc76a5a11344e8546cdc67e34b9b2ff5fe1b2c2c0650bcf769324bb9b41edf3519778b6e24f6943dc04702a210dd1ec0
-
SSDEEP
6144:hEg2/FmkfKc+Mz6aEctnbbWj/VI1N5kvsWT6kRXAfAarxGEEXXUOCwKHmpvN:etUsz6aEcV6rVI/HWTxRXAoi6v
Malware Config
Targets
-
-
Target
717735cf8936daeecd12f694691829fb0490450784e20bed99fc09c3814a957a
-
Size
420KB
-
MD5
3265ada4c9107a76c5399c6c5a6264c9
-
SHA1
600a2885904818ad7ac6ae81712ec785cfd27dce
-
SHA256
717735cf8936daeecd12f694691829fb0490450784e20bed99fc09c3814a957a
-
SHA512
eae837c8be00968dcaf389eff1a4a1a6dc76a5a11344e8546cdc67e34b9b2ff5fe1b2c2c0650bcf769324bb9b41edf3519778b6e24f6943dc04702a210dd1ec0
-
SSDEEP
6144:hEg2/FmkfKc+Mz6aEctnbbWj/VI1N5kvsWT6kRXAfAarxGEEXXUOCwKHmpvN:etUsz6aEcV6rVI/HWTxRXAoi6v
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation