General
-
Target
d0131a5e55b3d7c6b1cb0f5b49c0a673356746b27813b2f9f1af063d3f128cea
-
Size
3.3MB
-
Sample
240311-q9qz3scd5w
-
MD5
69ea2a13d168a1bf70e098f53dfd44bc
-
SHA1
e48a4020befaa0884551ecd91fc317e505e2edc3
-
SHA256
d0131a5e55b3d7c6b1cb0f5b49c0a673356746b27813b2f9f1af063d3f128cea
-
SHA512
77127fb72f96ef1101b2e1036ca3836ba0865b0fb055acbbf34b58e7676055d7c2063a3e9cc06ae41e6d4fb8b010b7508f4efe6c5049f9a14b43dd102f1605af
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN8I:QHPkVOBTKj
Malware Config
Targets
-
-
Target
d0131a5e55b3d7c6b1cb0f5b49c0a673356746b27813b2f9f1af063d3f128cea
-
Size
3.3MB
-
MD5
69ea2a13d168a1bf70e098f53dfd44bc
-
SHA1
e48a4020befaa0884551ecd91fc317e505e2edc3
-
SHA256
d0131a5e55b3d7c6b1cb0f5b49c0a673356746b27813b2f9f1af063d3f128cea
-
SHA512
77127fb72f96ef1101b2e1036ca3836ba0865b0fb055acbbf34b58e7676055d7c2063a3e9cc06ae41e6d4fb8b010b7508f4efe6c5049f9a14b43dd102f1605af
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMN8I:QHPkVOBTKj
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-