General
-
Target
5284b41a942a7ce0db09733b3fae7fce6c786655925f1f3b00af0ea6dc962994
-
Size
16KB
-
Sample
230403-r71xyaha8y
-
MD5
4b93403aa76bc215e41544050406b18f
-
SHA1
8667a7098d119e9da706a135836c4f3e55872f17
-
SHA256
5284b41a942a7ce0db09733b3fae7fce6c786655925f1f3b00af0ea6dc962994
-
SHA512
883a40659012ec0b4678edf576b30e4936725bf1d9d802a30aa8d91fd7e61b5d8987003fc10c20629a8c0894ae2815077f96b1a798523a193bc5e22c3178d3dd
-
SSDEEP
192:1OIt31YVamI3X3PGR6yIM402ZJZ8d9iiiiiiiTSNNVJ8im6XS+XSyyd:1V91fm4nPG57qjCdiwNVvSmSy
Malware Config
Targets
-
-
Target
5284b41a942a7ce0db09733b3fae7fce6c786655925f1f3b00af0ea6dc962994
-
Size
16KB
-
MD5
4b93403aa76bc215e41544050406b18f
-
SHA1
8667a7098d119e9da706a135836c4f3e55872f17
-
SHA256
5284b41a942a7ce0db09733b3fae7fce6c786655925f1f3b00af0ea6dc962994
-
SHA512
883a40659012ec0b4678edf576b30e4936725bf1d9d802a30aa8d91fd7e61b5d8987003fc10c20629a8c0894ae2815077f96b1a798523a193bc5e22c3178d3dd
-
SSDEEP
192:1OIt31YVamI3X3PGR6yIM402ZJZ8d9iiiiiiiTSNNVJ8im6XS+XSyyd:1V91fm4nPG57qjCdiwNVvSmSy
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Blocklisted process makes network request
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-