General
-
Target
8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
-
Size
1MB
-
Sample
221218-xmpbasdd47
-
MD5
6ab50f779474b8c5b42a3465e4a8c9a6
-
SHA1
fb61c0b0a4128023861f5a19db53a4e71d1b5fa1
-
SHA256
8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
-
SHA512
5673949a5ef8b0d5bc2eb61dbbbfbbaf500c9e0ca7cb6e1f70d524a86ce8341fdd7aa4e7c1febbde39d951207fb1b9a3161c970eace10872748352050240a4f4
-
SSDEEP
12288:fTldOhSO4HIhLXlppgctit9NQDW70oLrOPi7mMhkb8vVXvdHNIuW3iuMBMY9S:fTldivbpgj/7Nr9KbmdtfW/MBMY9S
Malware Config
Targets
-
-
Target
8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
-
Size
1MB
-
MD5
6ab50f779474b8c5b42a3465e4a8c9a6
-
SHA1
fb61c0b0a4128023861f5a19db53a4e71d1b5fa1
-
SHA256
8cd1ac315b5fcd0c775c3fe102965250439174650dabe30832ffb8779c160b6c
-
SHA512
5673949a5ef8b0d5bc2eb61dbbbfbbaf500c9e0ca7cb6e1f70d524a86ce8341fdd7aa4e7c1febbde39d951207fb1b9a3161c970eace10872748352050240a4f4
-
SSDEEP
12288:fTldOhSO4HIhLXlppgctit9NQDW70oLrOPi7mMhkb8vVXvdHNIuW3iuMBMY9S:fTldivbpgj/7Nr9KbmdtfW/MBMY9S
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation