General
-
Target
cf8609c578142cb428dd85fd0bd94a3e7a245a1649fd94210e870dc2fd3126ec
-
Size
1.3MB
-
Sample
231105-q5ca5afd31
-
MD5
84fac2b10afdd0799088e289be2db34c
-
SHA1
33d806d0d4319a9016e6ce8a0f35c0d4c1da2696
-
SHA256
cf8609c578142cb428dd85fd0bd94a3e7a245a1649fd94210e870dc2fd3126ec
-
SHA512
a6e00d6ed57a926c2b9781bc6193d69133fb49a251f3df0d3497c5d33a41318b43aca3dc0e75c019ba61d409f029adee639922bc2e6c498b060e48bbcde55466
-
SSDEEP
24576:8OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNrGF:tHPkVOBTKKF
Malware Config
Targets
-
-
Target
cf8609c578142cb428dd85fd0bd94a3e7a245a1649fd94210e870dc2fd3126ec
-
Size
1.3MB
-
MD5
84fac2b10afdd0799088e289be2db34c
-
SHA1
33d806d0d4319a9016e6ce8a0f35c0d4c1da2696
-
SHA256
cf8609c578142cb428dd85fd0bd94a3e7a245a1649fd94210e870dc2fd3126ec
-
SHA512
a6e00d6ed57a926c2b9781bc6193d69133fb49a251f3df0d3497c5d33a41318b43aca3dc0e75c019ba61d409f029adee639922bc2e6c498b060e48bbcde55466
-
SSDEEP
24576:8OyHutimZ9VSly2hVvHW6qMnSbTBBhBMNrGF:tHPkVOBTKKF
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-