General
-
Target
0a47563600d2017344126b79fea405aa00e66b2cc5efe6b39c05f02c275e8f07.exe
-
Size
1.2MB
-
Sample
230405-m5tzdsdf68
-
MD5
f360dc3dd3689f6f616424f975c9a66b
-
SHA1
d29b8903c81e15fb2a2adf82d34a82d296e4a81a
-
SHA256
0a47563600d2017344126b79fea405aa00e66b2cc5efe6b39c05f02c275e8f07
-
SHA512
1136fc23a4b4f698757614a3a0acfafe3b4e0489dd5cecf80b443ac0497429d6c2549051702adfb9b83d6f8b1be841fda0d4529972d6e6de62b2a9d8ad9f3f97
-
SSDEEP
24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJtie:WIwgMEuy+inDfp3/XoCw57XYBwKe
Malware Config
Targets
-
-
Target
0a47563600d2017344126b79fea405aa00e66b2cc5efe6b39c05f02c275e8f07.exe
-
Size
1.2MB
-
MD5
f360dc3dd3689f6f616424f975c9a66b
-
SHA1
d29b8903c81e15fb2a2adf82d34a82d296e4a81a
-
SHA256
0a47563600d2017344126b79fea405aa00e66b2cc5efe6b39c05f02c275e8f07
-
SHA512
1136fc23a4b4f698757614a3a0acfafe3b4e0489dd5cecf80b443ac0497429d6c2549051702adfb9b83d6f8b1be841fda0d4529972d6e6de62b2a9d8ad9f3f97
-
SSDEEP
24576:HovxCwgMBqHO5ZdYXOp0nQrXctTfK+d+MrTXowFlw57XYBwJtie:WIwgMEuy+inDfp3/XoCw57XYBwKe
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-