Overview

overview

10

Static

static

3

28126b43d0...9f.exe

windows7-x64

10

28126b43d0...9f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    252s
  • max time network
    307s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 13:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f.exe

  • Size

    1.4MB

  • MD5

    c062661f3c6ab0105d084ed02f5878c9

  • SHA1

    fd17b4c1582e5c70884ef000536959471fe6b6c8

  • SHA256

    28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f

  • SHA512

    a4202b46e27957e0ffb147384cf74f35a974b59a5276c3e1ab9e397d22ec13fc1c56ac8a792554e4745c1a89ca8071bc872a7491e1803a57cd8d8ef17a0026eb

  • SSDEEP

    24576:F39WaOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN:598HPkVOBTK

Score
10/10
gh0stratpurplefoxratrootkittrojan

Malware Config

Signatures

  • Detect PurpleFox Rootkit 1 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f.exe
    "C:\Users\Admin\AppData\Local\Temp\28126b43d05a3b023c6495790eb51fd7f62955a9aa87b47201f0e7b3ccac9a9f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1060

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1060-0-0x0000000010000000-0x000000001019F000-memory.dmp

          Filesize

          1.6MB

          Download