General
-
Target
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
Size
1.7MB
-
Sample
230816-cx4hraee27
-
MD5
bfc91a8472ec3c6d7d25f86aab67ec2d
-
SHA1
9ed053e0ceee4afab8dd783d335561d0581d5f3b
-
SHA256
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
SHA512
cb9583012c661b2aacede74a5063165fdb5a934137b368ff3ddf17ccdd230ef070bea128a7303a3198c10009b1eeb2e83c75529924e1141861f40dc2795c8562
-
SSDEEP
49152:YPJGmKqmJsJ64ArytAJ+N5KvCtAuevnu5l1zW3:YP4m7mROPEvC+uevuVW3
Malware Config
Targets
-
-
Target
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
Size
1.7MB
-
MD5
bfc91a8472ec3c6d7d25f86aab67ec2d
-
SHA1
9ed053e0ceee4afab8dd783d335561d0581d5f3b
-
SHA256
486a5ea78e8d8612b349d8ab6b6b45328cf4488810d15b6322c492952a1a2a92
-
SHA512
cb9583012c661b2aacede74a5063165fdb5a934137b368ff3ddf17ccdd230ef070bea128a7303a3198c10009b1eeb2e83c75529924e1141861f40dc2795c8562
-
SSDEEP
49152:YPJGmKqmJsJ64ArytAJ+N5KvCtAuevnu5l1zW3:YP4m7mROPEvC+uevuVW3
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-