General
-
Target
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
Size
2.5MB
-
Sample
230804-k8hpesbd9s
-
MD5
38553a823bde3824691e7c3bf08309de
-
SHA1
7ba0ce2e08d992ed2dbfabab83861e0da5b813df
-
SHA256
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
SHA512
4f647eeeb597b8c6cfc318c9a5c2900b8b1ac9011677439abf62efa218b820eef9ea2cd98f8628c557e2c0d7929640d5f05ea261cc591297ac2ca666590c3f5e
-
SSDEEP
49152:cm0uO5/cdiapdKHBo56c6om1UngfRYpFcNfWalP4NKx3emJqVskRDZ5cNusET:X9O5sCaP6onl0NfWalP623XqV5Dk/ET
Malware Config
Targets
-
-
Target
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
Size
2.5MB
-
MD5
38553a823bde3824691e7c3bf08309de
-
SHA1
7ba0ce2e08d992ed2dbfabab83861e0da5b813df
-
SHA256
dc3cced7b0d786238e59a110a0eeffac8d0d7a63c185bf876f75676822a45f3f
-
SHA512
4f647eeeb597b8c6cfc318c9a5c2900b8b1ac9011677439abf62efa218b820eef9ea2cd98f8628c557e2c0d7929640d5f05ea261cc591297ac2ca666590c3f5e
-
SSDEEP
49152:cm0uO5/cdiapdKHBo56c6om1UngfRYpFcNfWalP4NKx3emJqVskRDZ5cNusET:X9O5sCaP6onl0NfWalP623XqV5Dk/ET
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-