Extracted

• • Target

    20f4b006007defc2e71a4a3bc6ffe0cdbb5ed6f34c4e15e95d85a7cb60a76286.exe

  • Size

    29.0MB

  • MD5

    a1d493d00b15cac7425ffd0de19d9463

  • SHA1

    497a518db48f29f06ab48a11ccffa330bfaec463

  • SHA256

    20f4b006007defc2e71a4a3bc6ffe0cdbb5ed6f34c4e15e95d85a7cb60a76286

  • SHA512

    ff22f2ca217df177ca1134d137d0cd492c4000c222abb5e56aa24f79649c197ed810e481673c88d0c8507845ccd6a9ace9d1e161ebd6c5eb408e93d44f6f94e0

  • SSDEEP

    786432:H0QWKpMBUjfIJ2phRLdIHuctALrZoocXt:UQWKGBU8w1Lsh+rRUt

  Score

  10^/10

  gh0stratpurplefoxratrootkittrojan

  • Detect PurpleFox Rootkit

    Detect PurpleFox Rootkit.

    rootkit

  • Gh0st RAT payload

  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat

  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2