General
-
Target
43dc1d7eeef9b4ca0d455404b12c34c8.bin
-
Size
713KB
-
Sample
230402-bv1hmsfc4s
-
MD5
f4f9222acf89ffe30ffae01db45062bb
-
SHA1
24234dfbd048cd8b15e7617efab17c2121cb2c1a
-
SHA256
3ae2b09977ad7944fd6ff36b7a3240ff9c8f8438fe1ff71db6390233663b885e
-
SHA512
ae9ee0c67d0eae8383c5bdc00b4d07a55f620c54229219f75f44f8d3b963e87d8870e93dda9714a2519bd78131c6a1997704361f3bee9e53eea8f83dc3019fc2
-
SSDEEP
12288:IXWwa4k0EclnPJ383bo3ZsiZVKNitfO3fKgoTftIPOuPBEamx81pybKCgfjNG4le:IDaeDPJeMKQuipO31ojqJPBtmxUyQlhM
Malware Config
Extracted
gh0strat
190.92.242.47
Targets
-
-
Target
a1ee855e975db8957456fc60c33eb040b7bdc2ff79dbd9799f379a4dcade71bf.exe
-
Size
802KB
-
MD5
43dc1d7eeef9b4ca0d455404b12c34c8
-
SHA1
2e618174d09b00abc16d34bff7b646e036adf253
-
SHA256
a1ee855e975db8957456fc60c33eb040b7bdc2ff79dbd9799f379a4dcade71bf
-
SHA512
b65a6542520ae094d8f9101d062339a997aa2eaed426e3aaa4c79145d97debf75062df334df4c02d874ebe15731e035bbf7b7cd0f55c248d4b6a45294c5c70c7
-
SSDEEP
24576:Sny/f9uCOXP25JiBvuXwKhbBh4iv/IVVWX77Sj+ithPW1:XF0IJSmgaVhvv/IVKyj+d
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Downloads MZ/PE file
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-