General
-
Target
0ca63fde775ad7f10207dfe7f562825cc00aec28fca80cd8068aa440ab08a939
-
Size
4.0MB
-
Sample
230807-jag5kafd5v
-
MD5
cdbde1388ff90fced07072d2f90adc00
-
SHA1
645fb7425fd1ef658caac8a3a83a6aad468eeb86
-
SHA256
0ca63fde775ad7f10207dfe7f562825cc00aec28fca80cd8068aa440ab08a939
-
SHA512
f1bfd63afaecf72399a089ac6a48675bec2e6a3c1456c99f8b1ca85e83f970db4cc4a185ce7664b7708cbec8de89885165534833c518c9ebe2e8e30f3057c28e
-
SSDEEP
49152:fCwsbCANnKXferL7Vwe/Gg0P+WhEoXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:Kws2ANnKXOaeOgmhRvycBr
Malware Config
Targets
-
-
Target
0ca63fde775ad7f10207dfe7f562825cc00aec28fca80cd8068aa440ab08a939
-
Size
4.0MB
-
MD5
cdbde1388ff90fced07072d2f90adc00
-
SHA1
645fb7425fd1ef658caac8a3a83a6aad468eeb86
-
SHA256
0ca63fde775ad7f10207dfe7f562825cc00aec28fca80cd8068aa440ab08a939
-
SHA512
f1bfd63afaecf72399a089ac6a48675bec2e6a3c1456c99f8b1ca85e83f970db4cc4a185ce7664b7708cbec8de89885165534833c518c9ebe2e8e30f3057c28e
-
SSDEEP
49152:fCwsbCANnKXferL7Vwe/Gg0P+WhEoXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:Kws2ANnKXOaeOgmhRvycBr
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-