General
-
Target
样本.zip
-
Size
1.3MB
-
Sample
230211-c8swdseh2v
-
MD5
b6d58cdc1c8fa27257a95fb5ff247ee2
-
SHA1
9ca89f691e30fcd2bc4acc2338cba7c7c58cdc6b
-
SHA256
beb3d7216a235bc05d0a098203f22c625935eb6298c7d0127c6e578fb7835bfa
-
SHA512
b807028c6930595ad437a9ee124ec431a4c64130cfcb2839c8afac24a928adc13ca7e9f7a06be963b6be1e98f634aa7659db59b197e6ca7c682edfe8d9a1f5c4
-
SSDEEP
24576:Pfe9l5EGBF1H1/iG4BJeWPUmQ97Ed0iLGgM7p6o4GoV1l9iom5EYJw4qWjG9vX6f:nNGBN6GMJeWPYBo0iLGN78oQ1l9iomNF
Malware Config
Targets
-
-
Target
.exe
-
Size
7.9MB
-
MD5
8b0366ee0ae3de23640fe35fb1fc59eb
-
SHA1
ce7ea0ec392e1ae92bb6f136320ab818b6c9c17c
-
SHA256
4c7d5872b72b27afb22881ed2c816f1310bc3a76520a7bcd9a57c9ebc55eb67d
-
SHA512
2b3a11bdded7589f7bc49741c9729a3c08a98f14b01e0770359b3d783807a58b9f99d3d55edac06141fab8e75d8705c615a45bab8d829866e122f42539c830e5
-
SSDEEP
49152:lCwsbCANnKXferL7Vwe/Gg0P+WhlD91wnyglwQm6TPt:4ws2ANnKXOaeOgmhd91wnvTmU
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-