General
-
Target
ba814c38e6713d63520489a5c261a8a1d14b3ca436dd2a1b68b8cb74b9670065
-
Size
1.3MB
-
Sample
231013-faa5gaga76
-
MD5
7a0d3e4ed5b71772d66ba513bdd50369
-
SHA1
463fc08fd77e368c9d449e28df4bd818477cbf76
-
SHA256
ba814c38e6713d63520489a5c261a8a1d14b3ca436dd2a1b68b8cb74b9670065
-
SHA512
b9dfc74334869220d44a57b1aeb179a08eeb315526a88a8b5c970f272fd739eb5b4b2378b45aa92ff9fe0a1a1ecfc08c283c6a8312f593bd80dc9aa5a5874c4a
-
SSDEEP
12288:cGvAQxoCyPg4fFB8SXi8rZ/BierwXJZ4fwopRQ3Ji0YS+2+eg9GR5gGlmEdkRn2/:LvAQxX49aqQ3JijUt5R8Rn2ZmAZWW
Malware Config
Targets
-
-
Target
ba814c38e6713d63520489a5c261a8a1d14b3ca436dd2a1b68b8cb74b9670065
-
Size
1.3MB
-
MD5
7a0d3e4ed5b71772d66ba513bdd50369
-
SHA1
463fc08fd77e368c9d449e28df4bd818477cbf76
-
SHA256
ba814c38e6713d63520489a5c261a8a1d14b3ca436dd2a1b68b8cb74b9670065
-
SHA512
b9dfc74334869220d44a57b1aeb179a08eeb315526a88a8b5c970f272fd739eb5b4b2378b45aa92ff9fe0a1a1ecfc08c283c6a8312f593bd80dc9aa5a5874c4a
-
SSDEEP
12288:cGvAQxoCyPg4fFB8SXi8rZ/BierwXJZ4fwopRQ3Ji0YS+2+eg9GR5gGlmEdkRn2/:LvAQxX49aqQ3JijUt5R8Rn2ZmAZWW
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-