General
-
Target
发票-资料.zip
-
Size
2.5MB
-
Sample
230313-t2xz7sdc4z
-
MD5
facf60c97d2e59e4494ea03ea59491f1
-
SHA1
63411cbf27a3b7ab1a20b928acd2eb1e084be9d4
-
SHA256
4a43060f20b5a2c811c69eee2a9e851f535c87c66918089899ec0e3709e4bc9c
-
SHA512
b4c0a703a5827ae48e6a26d0e3135387962c718dd288631c0e02cf17ee732a25c695d576c64b1c2f50e587e89a7c6a08528d56c89807fa7c64f9af7468f5bf51
-
SSDEEP
49152:knteReDUx0jYM7yYp6UcUuDnnRIvN1CKJIDWD9bFhDX481J1NFOUQa5nyCK:knGeDUmT7yYKUuNO1CUID+9bFhUu1uu+
Malware Config
Targets
-
-
Target
202331554102115001.exe
-
Size
2.6MB
-
MD5
1410468282b8d97acf1b56101f4b3e03
-
SHA1
344214f1c127e787097028898def5c2142b6cca6
-
SHA256
94f0d29ac20454f36d60659242ded64b2de01a8c4f1a87c5b09f55ca4fd3dde0
-
SHA512
8e351d32a3cead13d25565571c123c421c5f135c7c6d127a93eaa3c65e096a747373b1d6f3c9c430a170a78dc195a4ca884fc13762cacd5c9ce06bc189d79a4d
-
SSDEEP
49152:484XeFIX0bWKr8Up608UydN9VSvBlCKJE3OrhXFrDX2i3XHvnOUQm5Du6z:4peFIOxr8UcUyf+lCUE3ahXFraoHG6Rz
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-