General
-
Target
tmp
-
Size
724KB
-
Sample
230408-mq923ach96
-
MD5
33e07ed6aa0f8ee87b39351518e24030
-
SHA1
82fc27c5319d2b7221e9bc634b6270664e48e23b
-
SHA256
a2fc5086e8669ff1f8caeaa2ed690f57fb0110a901a6029b334fac7d2fd7ae73
-
SHA512
ef9c4d5dc48e341e86e658446f50aed76e415fa32631339b59c9cb6ad61d968ec02208fe5bc4952206302fd4112ad34df5206f5196976b68539d709bac800bec
-
SSDEEP
12288:Z61KA2BJTnGeSMI/5TfyMFsTU4G8epkF9HcLAuncNurwVBaa4ycMBgtp5simQeDX:EKAEJTn6jlyU4GJpkF2lck6aa4yPYYQJ
Malware Config
Extracted
gh0strat
124.220.35.63
Targets
-
-
Target
tmp
-
Size
724KB
-
MD5
33e07ed6aa0f8ee87b39351518e24030
-
SHA1
82fc27c5319d2b7221e9bc634b6270664e48e23b
-
SHA256
a2fc5086e8669ff1f8caeaa2ed690f57fb0110a901a6029b334fac7d2fd7ae73
-
SHA512
ef9c4d5dc48e341e86e658446f50aed76e415fa32631339b59c9cb6ad61d968ec02208fe5bc4952206302fd4112ad34df5206f5196976b68539d709bac800bec
-
SSDEEP
12288:Z61KA2BJTnGeSMI/5TfyMFsTU4G8epkF9HcLAuncNurwVBaa4ycMBgtp5simQeDX:EKAEJTn6jlyU4GJpkF2lck6aa4yPYYQJ
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-