General
-
Target
9324c220867ead4a8d0d24dc888593081970c33dbc063f94f77beadbc8793639
-
Size
5.7MB
-
Sample
230322-nlmawaad9t
-
MD5
ffa7d3236dc39beeda2da5f2b0596776
-
SHA1
c1a6afa1fc069c2bf93b1dcd59a646db253720bb
-
SHA256
9324c220867ead4a8d0d24dc888593081970c33dbc063f94f77beadbc8793639
-
SHA512
5016a5e3a483abfa841d2d8f33e7fbdb96bd4bd8119ae96a05cf2c5483f7fdbd5d7c333dfed63e9b94554637adebd982296e00e5fc2a3ffba3bd75e477349e7b
-
SSDEEP
98304:53YBvx6ppDENRyHDqAVMSBEzSmwAwfSqXgRfkgO6irkr5JfEw5zbLBJoAtv8YXny:WBv4ppDSDwMSCzSvAwKXormXLjdzwJ
Malware Config
Targets
-
-
Target
9324c220867ead4a8d0d24dc888593081970c33dbc063f94f77beadbc8793639
-
Size
5.7MB
-
MD5
ffa7d3236dc39beeda2da5f2b0596776
-
SHA1
c1a6afa1fc069c2bf93b1dcd59a646db253720bb
-
SHA256
9324c220867ead4a8d0d24dc888593081970c33dbc063f94f77beadbc8793639
-
SHA512
5016a5e3a483abfa841d2d8f33e7fbdb96bd4bd8119ae96a05cf2c5483f7fdbd5d7c333dfed63e9b94554637adebd982296e00e5fc2a3ffba3bd75e477349e7b
-
SSDEEP
98304:53YBvx6ppDENRyHDqAVMSBEzSmwAwfSqXgRfkgO6irkr5JfEw5zbLBJoAtv8YXny:WBv4ppDSDwMSCzSvAwKXormXLjdzwJ
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-