General
-
Target
56b825a7950db852403a4e81bf1d3198c17c703e41e2270d9a8b9f6683b8c729
-
Size
2.8MB
-
Sample
230827-lmnh8agg58
-
MD5
2c8b43cca9c16cf0559cdfcbf0dcfa13
-
SHA1
73739e0f3eb904a1ee530af4f7b6598ff5e59748
-
SHA256
56b825a7950db852403a4e81bf1d3198c17c703e41e2270d9a8b9f6683b8c729
-
SHA512
11a420decbddf690228d5bc96a25663174fd7cb0f6d129c323b72d5ea0037b18e016d9d8afc9d1f81c43618460f05e8ce2b1455f2fb458223b7a0150e44f9be8
-
SSDEEP
49152:cjwsbCANnKXferL7Vwe/Gg0P+WhVKDmn27u:yws2ANnKXOaeOgmhVKDmn2a
Malware Config
Targets
-
-
Target
56b825a7950db852403a4e81bf1d3198c17c703e41e2270d9a8b9f6683b8c729
-
Size
2.8MB
-
MD5
2c8b43cca9c16cf0559cdfcbf0dcfa13
-
SHA1
73739e0f3eb904a1ee530af4f7b6598ff5e59748
-
SHA256
56b825a7950db852403a4e81bf1d3198c17c703e41e2270d9a8b9f6683b8c729
-
SHA512
11a420decbddf690228d5bc96a25663174fd7cb0f6d129c323b72d5ea0037b18e016d9d8afc9d1f81c43618460f05e8ce2b1455f2fb458223b7a0150e44f9be8
-
SSDEEP
49152:cjwsbCANnKXferL7Vwe/Gg0P+WhVKDmn27u:yws2ANnKXOaeOgmhVKDmn2a
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-