General
-
Target
0bdbdf937ea23343e682aff6f74e270a243310c67f0c0bd9a4dc60c5e103b74a.exe
-
Size
2.7MB
-
Sample
230405-m5ymksfg4v
-
MD5
edfc28b8faf41bb5b6f9f29d70fa77cc
-
SHA1
d7986e6cd1c2bd832de025bb9c9919859ae3b6e6
-
SHA256
0bdbdf937ea23343e682aff6f74e270a243310c67f0c0bd9a4dc60c5e103b74a
-
SHA512
8a9b5629789267208e545bafc607df95333dc53513ce156d8baa79fe0e1d40d7e5a7ed4cc046f13b07d372197f310a787c659094a7eb7b511f180e5b6861763e
-
SSDEEP
24576:ACwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH7:ACwsbCANnKXferL7Vwe/Gg0P+WhdwmP+
Malware Config
Targets
-
-
Target
0bdbdf937ea23343e682aff6f74e270a243310c67f0c0bd9a4dc60c5e103b74a.exe
-
Size
2.7MB
-
MD5
edfc28b8faf41bb5b6f9f29d70fa77cc
-
SHA1
d7986e6cd1c2bd832de025bb9c9919859ae3b6e6
-
SHA256
0bdbdf937ea23343e682aff6f74e270a243310c67f0c0bd9a4dc60c5e103b74a
-
SHA512
8a9b5629789267208e545bafc607df95333dc53513ce156d8baa79fe0e1d40d7e5a7ed4cc046f13b07d372197f310a787c659094a7eb7b511f180e5b6861763e
-
SSDEEP
24576:ACwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH7:ACwsbCANnKXferL7Vwe/Gg0P+WhdwmP+
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-