General
-
Target
35a9c0c8847161exeexe_JC.exe
-
Size
2.2MB
-
Sample
230715-l8mh2she69
-
MD5
35a9c0c8847161324ecf7c9df3bdaedf
-
SHA1
fa304278f53768276b4414a6ead9111e88a9e4b1
-
SHA256
7af87290191301f21c288c859dc3b84c88d0bc3e064ef0dab3e3ff80a79e5ae0
-
SHA512
5d04268a7d6c4271e44eb6301ec1c7cf181e8d0273a76f0ef3d992da57df9c0bbc91b58806d43bd67a79ad8ef4771edc2d4b55047e84cc258426c7a96f930191
-
SSDEEP
49152:i09XJt4HIN2H2tFvduySFDmn2a4uwd4XkYe:DZJt4HINy2LkFDmn2buwGXkR
Malware Config
Targets
-
-
Target
35a9c0c8847161exeexe_JC.exe
-
Size
2.2MB
-
MD5
35a9c0c8847161324ecf7c9df3bdaedf
-
SHA1
fa304278f53768276b4414a6ead9111e88a9e4b1
-
SHA256
7af87290191301f21c288c859dc3b84c88d0bc3e064ef0dab3e3ff80a79e5ae0
-
SHA512
5d04268a7d6c4271e44eb6301ec1c7cf181e8d0273a76f0ef3d992da57df9c0bbc91b58806d43bd67a79ad8ef4771edc2d4b55047e84cc258426c7a96f930191
-
SSDEEP
49152:i09XJt4HIN2H2tFvduySFDmn2a4uwd4XkYe:DZJt4HINy2LkFDmn2buwGXkR
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-