General
-
Target
tmp
-
Size
29.0MB
-
Sample
230314-faqvxsfe21
-
MD5
01183611733e96c75be92bb6ec7b8323
-
SHA1
34477ef8ae560331e3e9275d706567c732b81b64
-
SHA256
6e8ed9b8970558d0b5ef5a7fa14858da0dc6ce4de663fce4b9523945e7341c00
-
SHA512
a777fc322c03ba890f951af6b4bc3f1ab7f0b8e83f301f117cdb61f251846e6482376423ceff653eb71a6e29c3c1a4e44f542265f118ff5b5d21f5937d9a2b47
-
SSDEEP
786432:6279k4Oz5i7tT4yrjoj+OCO2LLit7oikRUB:PDa5i7tjoj+XVLLC7zkRM
Malware Config
Targets
-
-
Target
tmp
-
Size
29.0MB
-
MD5
01183611733e96c75be92bb6ec7b8323
-
SHA1
34477ef8ae560331e3e9275d706567c732b81b64
-
SHA256
6e8ed9b8970558d0b5ef5a7fa14858da0dc6ce4de663fce4b9523945e7341c00
-
SHA512
a777fc322c03ba890f951af6b4bc3f1ab7f0b8e83f301f117cdb61f251846e6482376423ceff653eb71a6e29c3c1a4e44f542265f118ff5b5d21f5937d9a2b47
-
SSDEEP
786432:6279k4Oz5i7tT4yrjoj+OCO2LLit7oikRUB:PDa5i7tjoj+XVLLC7zkRM
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-