Overview

overview

10

Static

static

10

1424-62-0x...ry.exe

windows7-x64

1424-62-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1424-62-0x0000000000400000-0x000000000060E000-memory.dmp

  • Size

    2.1MB

  • MD5

    63723d68e6d34f659e5c5f92d037e53b

  • SHA1

    d73c94759fc6d84917c2ca3384cf6dc76c932983

  • SHA256

    e40747eb9b573dc7fa133f71091285f8d6fd6dce6109c37d4bbecd791f5f317a

  • SHA512

    1279f66ca95fadea4e09b7ebcf826b5f198eb21da114ceaaed626dda7cd8edb7e133a2d8ebc71a71020e5f975e6b14b1cd25e7f38c691c933f878b78a48b9b03

  • SSDEEP

    24576:qO9k7NRXK/3FYFuBCy3oNabo0iSD1gAdGM/gtM5/GfHKMwMtRm8qEgurHEr35wZz:NdAcw2TCL5woTpE/WwDI7vxB

Score
10/10
rootkitgh0stratpurplefox

Malware Config

Extracted

Family

gh0strat

C2

192.253.237.20

Signatures

  • Detect PurpleFox Rootkit 1 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 1 IoCs
  • Gh0strat family
    gh0strat
  • Purplefox family
    purplefox

Files

  • 1424-62-0x0000000000400000-0x000000000060E000-memory.dmp
    .exe windows x86


    Headers

    Sections