General
-
Target
35974873a02e6bb71b7d10a3c280e9bed19f656d094741c991475dab91099620.zip
-
Size
610KB
-
Sample
230321-rytghabb77
-
MD5
acaa60a1ed958c5e695b72ab08a85886
-
SHA1
b0ec365c4c7ba6bdffb4049393d65c6241086a7c
-
SHA256
9ec5732c2a46cc3b7efe5d611ae4c9ac8fe5e235eb22a6a6d3e29993c1ac93c3
-
SHA512
d5ae18d7f189bfdeeb364f027f456b6d9ba10c7c7d7fb90805118bc266d53b1f64d8022d6cd3276e2f6081b35d9886802d5fe462a7c87e03f49b2f815b35643f
-
SSDEEP
12288:mjeSjIjSeeaKsdSHJLvWN6Oj/DhywCTZgMrJX0izhUxlqKzU6o2ar2BUzoGRXr:IeeedCvGzj/DhQgMVX0iNGqKzK26oOr
Malware Config
Extracted
gh0strat
134.175.221.86
Targets
-
-
Target
35974873a02e6bb71b7d10a3c280e9bed19f656d094741c991475dab91099620.exe
-
Size
621KB
-
MD5
ac0ae3f1dcb228ead83ea9e2ef8668bb
-
SHA1
c9314ca68f7dbb5257e8754520bebf7a49ec3d34
-
SHA256
35974873a02e6bb71b7d10a3c280e9bed19f656d094741c991475dab91099620
-
SHA512
bc6b5fc5f72be505d89eadf1ecde93cff4344ab265f71bb37d35a50c8bfcedf21164c9c78894efe86e808c465bceb2b22a6986d1b876c1b7ee338804f4129db9
-
SSDEEP
12288:VODDEEuqctaY5effnWQ7x7dJsPMR1F4fWDNo5F/oJBprSqYeJGDw+125:VODoTqctaY5effnW8RDsXOvvYh1C
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-