General
-
Target
1993b188bfa89dca45d1db1e55d6af3c68aa24236366c84ae82320690c4f9f5c.exe
-
Size
840KB
-
Sample
230405-m7a93aeb67
-
MD5
29134e6a1688ce88edf31e1146be282d
-
SHA1
5aea9e4de2a42900f26304bab5cf1dc6954dfc41
-
SHA256
1993b188bfa89dca45d1db1e55d6af3c68aa24236366c84ae82320690c4f9f5c
-
SHA512
9b3baba119241a7ea0fd5671ab5a967fd347b2cbb09eb90e9f63e945daae0254fce9dcf020ab035cc1f481033a0ca9cf298a7b043b96f7b65c9fd83445876a2a
-
SSDEEP
12288:VRS7sigf4wDtUDQ6DFhsQbi5VV1r39MTdpB+IuDTHjovji6DECf0TT:7SwDcvD0Qb2taTdpsIuDrjoriy0T
Malware Config
Targets
-
-
Target
1993b188bfa89dca45d1db1e55d6af3c68aa24236366c84ae82320690c4f9f5c.exe
-
Size
840KB
-
MD5
29134e6a1688ce88edf31e1146be282d
-
SHA1
5aea9e4de2a42900f26304bab5cf1dc6954dfc41
-
SHA256
1993b188bfa89dca45d1db1e55d6af3c68aa24236366c84ae82320690c4f9f5c
-
SHA512
9b3baba119241a7ea0fd5671ab5a967fd347b2cbb09eb90e9f63e945daae0254fce9dcf020ab035cc1f481033a0ca9cf298a7b043b96f7b65c9fd83445876a2a
-
SSDEEP
12288:VRS7sigf4wDtUDQ6DFhsQbi5VV1r39MTdpB+IuDTHjovji6DECf0TT:7SwDcvD0Qb2taTdpsIuDrjoriy0T
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-