General
-
Target
10a6f27bfe7df6468b513c699e340ce653d57780122281936f81a0de3e908a8b
-
Size
1MB
-
Sample
230129-z8qgladc67
-
MD5
c09967bc3cf34135daa7d1b03f18f19c
-
SHA1
207cc7b44ccb8714117ff5aa093d72c688124514
-
SHA256
10a6f27bfe7df6468b513c699e340ce653d57780122281936f81a0de3e908a8b
-
SHA512
7d83027ba35833270a418342892a720d7701ea7ef8fc8d114994d1226aea0ee069ed3949796034fc7bbd410102da598dbe9249b859627b707cc3613ca63fed51
-
SSDEEP
12288:CKY/1o26kw6BEVNsa4gOYKikqiCUDqgsX+QOpda8RUTMfgVSl54DeSWKVJLlqX7l:36BA5+J/aQgVSlarWMWieUU
Malware Config
Targets
-
-
Target
10a6f27bfe7df6468b513c699e340ce653d57780122281936f81a0de3e908a8b
-
Size
1MB
-
MD5
c09967bc3cf34135daa7d1b03f18f19c
-
SHA1
207cc7b44ccb8714117ff5aa093d72c688124514
-
SHA256
10a6f27bfe7df6468b513c699e340ce653d57780122281936f81a0de3e908a8b
-
SHA512
7d83027ba35833270a418342892a720d7701ea7ef8fc8d114994d1226aea0ee069ed3949796034fc7bbd410102da598dbe9249b859627b707cc3613ca63fed51
-
SSDEEP
12288:CKY/1o26kw6BEVNsa4gOYKikqiCUDqgsX+QOpda8RUTMfgVSl54DeSWKVJLlqX7l:36BA5+J/aQgVSlarWMWieUU
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Blocklisted process makes network request
-
Adds Run key to start application
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation