General
-
Target
0019ba2380da91906eee1d451a96e9f5380dd47b49a6c47fad5a925ffb88e1d7
-
Size
48KB
-
Sample
231225-vjwvvscga9
-
MD5
e9b0561b1afdac1950d1bad4b0dae563
-
SHA1
082d81492c425509fe767e9280348416cbe7cfc1
-
SHA256
0019ba2380da91906eee1d451a96e9f5380dd47b49a6c47fad5a925ffb88e1d7
-
SHA512
3240202e935e3be422bc9459f2e0b62daa1935bddda05cbac3e37994943627ddb8077ac111ba614c3890d61814f1d622f74c8ceb33529589f613c30a252a2cfb
-
SSDEEP
384:hxLwV9ivX9+41d3zOvoeqYpwh9Ajledy3YWiDxlZvsrx2FndiTEIlKk:hBa9qX93lzOG9hglR3lenZv9iRs
Malware Config
Targets
-
-
Target
0019ba2380da91906eee1d451a96e9f5380dd47b49a6c47fad5a925ffb88e1d7
-
Size
48KB
-
MD5
e9b0561b1afdac1950d1bad4b0dae563
-
SHA1
082d81492c425509fe767e9280348416cbe7cfc1
-
SHA256
0019ba2380da91906eee1d451a96e9f5380dd47b49a6c47fad5a925ffb88e1d7
-
SHA512
3240202e935e3be422bc9459f2e0b62daa1935bddda05cbac3e37994943627ddb8077ac111ba614c3890d61814f1d622f74c8ceb33529589f613c30a252a2cfb
-
SSDEEP
384:hxLwV9ivX9+41d3zOvoeqYpwh9Ajledy3YWiDxlZvsrx2FndiTEIlKk:hBa9qX93lzOG9hglR3lenZv9iRs
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-