General
-
Target
021b84548f007b50094c7173c42b75b78c0d3d5746a8626368d13aee3aa22df6
-
Size
6.5MB
-
Sample
231023-1dx4mafh7v
-
MD5
c99460965be14104e258655653a47c2e
-
SHA1
4e79f7b82a79e34d01718487a15bb06687da0271
-
SHA256
021b84548f007b50094c7173c42b75b78c0d3d5746a8626368d13aee3aa22df6
-
SHA512
7f16cc43fc4def76046f09eb9bec115daa984335c007ca91274b3efa69f47b65c0f6c0332604bcaee9432856acb04ae5976a38d6e73d177cfcf0671e68904832
-
SSDEEP
98304:vws2ANnKXOaeOgmhvcsSyn2kY9juXKVxPvhBMaDsJ+abPxi53J3ORVtZ7VN:ZKXbeO71Kyn36dVtYvTbPE+DVN
Malware Config
Targets
-
-
Target
021b84548f007b50094c7173c42b75b78c0d3d5746a8626368d13aee3aa22df6
-
Size
6.5MB
-
MD5
c99460965be14104e258655653a47c2e
-
SHA1
4e79f7b82a79e34d01718487a15bb06687da0271
-
SHA256
021b84548f007b50094c7173c42b75b78c0d3d5746a8626368d13aee3aa22df6
-
SHA512
7f16cc43fc4def76046f09eb9bec115daa984335c007ca91274b3efa69f47b65c0f6c0332604bcaee9432856acb04ae5976a38d6e73d177cfcf0671e68904832
-
SSDEEP
98304:vws2ANnKXOaeOgmhvcsSyn2kY9juXKVxPvhBMaDsJ+abPxi53J3ORVtZ7VN:ZKXbeO71Kyn36dVtYvTbPE+DVN
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-