General
-
Target
23b9e1f97e06b904b3f2bac19f59d1ac1c33ab06733ac2e5c1115225a6cfcc64
-
Size
1.7MB
-
Sample
230815-nqasmscd61
-
MD5
a1ddbea99afa3ef646682936931a53b6
-
SHA1
9185ca5710c7a491b2a9bd69826b029fe09edd63
-
SHA256
23b9e1f97e06b904b3f2bac19f59d1ac1c33ab06733ac2e5c1115225a6cfcc64
-
SHA512
694b70caefe99fc2a94e8935d3d58d7042c0201cdb50e18c3d62fa224a27f512be2c8b6bde539c069c21d53d81f7ae4098b9784f894cab586ac53b8fa0089e33
-
SSDEEP
24576:2OG2DRnVNPIzjXNqcmP8/meiNClX1cpVrtIGCuh8iq4SxIaKMfC17G2iqy+gsEQk:2uNPOrkNE/meiolqRtxh1g/fCQale+Hu
Malware Config
Targets
-
-
Target
23b9e1f97e06b904b3f2bac19f59d1ac1c33ab06733ac2e5c1115225a6cfcc64
-
Size
1.7MB
-
MD5
a1ddbea99afa3ef646682936931a53b6
-
SHA1
9185ca5710c7a491b2a9bd69826b029fe09edd63
-
SHA256
23b9e1f97e06b904b3f2bac19f59d1ac1c33ab06733ac2e5c1115225a6cfcc64
-
SHA512
694b70caefe99fc2a94e8935d3d58d7042c0201cdb50e18c3d62fa224a27f512be2c8b6bde539c069c21d53d81f7ae4098b9784f894cab586ac53b8fa0089e33
-
SSDEEP
24576:2OG2DRnVNPIzjXNqcmP8/meiNClX1cpVrtIGCuh8iq4SxIaKMfC17G2iqy+gsEQk:2uNPOrkNE/meiolqRtxh1g/fCQale+Hu
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-