General
-
Target
Mango Desktop (2).rar
-
Size
4.1MB
-
Sample
230207-mxawjsbb89
-
MD5
e110caa67d585ba1d1cf49c6fb479bd9
-
SHA1
73c02297643e5d25e826b72c782c55c80b3dca27
-
SHA256
f7fc62d444a2653b7383ef64b80844343c3093871e9106672380ff3cd023378f
-
SHA512
c94716ae00381979a52647d00f3c395783920f2140ec023bfae522dc1c5289171fa19c6d1e485fb6c0b2cd392e0f57c30be9d80e4c849c6fd482c0c2f197b6b9
-
SSDEEP
98304:lVuCQJTHrHuopYB80hTdBuW+Vm2KNi33diyOIbfzBUeaLJ0iUFVHY:lVunJ70+3b33oKDzBQ4FVHY
Malware Config
Targets
-
-
Target
Xyaqr.exe
-
Size
3.2MB
-
MD5
87c5e0f53c91eede45c1f174bc8e26b0
-
SHA1
10fc03c9eb96a601f276357c49e8c04d67063105
-
SHA256
21cf04c2368e5ee49ab40cc235485303b349578f86d7a065df70a853244e3319
-
SHA512
03ad612cad0344c0dfa4fde4ec401dc0185b408830b1a5e34771f31cdb4fa9dc0f80375a09e192a662c07a113db699c96e7a4599bc60d1652ad8f8394a42c62a
-
SSDEEP
98304:rbW6VZ9SvsOr6smdNsD38AzwcFWX2w70W:HHVvOrxmd3AzpC
Score3/10 -
-
-
Target
fgjgggjMN1111.exe.exe
-
Size
1.5MB
-
MD5
7405082e87ff77244b801dec4fd06417
-
SHA1
1900c2b4eb610855f91affb6e03610248752468f
-
SHA256
d9a40d8ebbcd267eadb7a916b6d4dbf6e989cabf3cc5408b34f0d589c505a044
-
SHA512
d98ed05094ea887c423aec47abab3552fb84eba0763f57a7049fb76e9fdaccc2032f5c9dd9874cb9c3e8a36321ac02db34db26b75b2bacd35fe2bc5c4846aed4
-
SSDEEP
24576:Dq5Nj9d4E5Kt006Q9dhkailG7RIvyAOr+3c71GU6r/HqXeSIU+H9pl9:erj92AK7UlG7hA4Wc7AU6r/KXqUQpX
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-