General
-
Target
5d92ac05afb5f066ef189377c8d207d72b1406be29696fd4307d67c71dc1fb05
-
Size
1.3MB
-
Sample
240417-3ylbnsbd9z
-
MD5
a1d12b0b8ba965e40b8ef58b9c7d78f9
-
SHA1
0eeb0a279abad5de4f24131c410c0e05ec10a665
-
SHA256
5d92ac05afb5f066ef189377c8d207d72b1406be29696fd4307d67c71dc1fb05
-
SHA512
b65d3d977b736a2c8a70059c5f7dc8e686091223a5277c2506bedd192a3ea57bac038d2aacf7f0669428f77db909b1d5c0f154a37c4bdcdc456077e3a9a3ce94
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNw:QHPkVOBTK
Malware Config
Targets
-
-
Target
5d92ac05afb5f066ef189377c8d207d72b1406be29696fd4307d67c71dc1fb05
-
Size
1.3MB
-
MD5
a1d12b0b8ba965e40b8ef58b9c7d78f9
-
SHA1
0eeb0a279abad5de4f24131c410c0e05ec10a665
-
SHA256
5d92ac05afb5f066ef189377c8d207d72b1406be29696fd4307d67c71dc1fb05
-
SHA512
b65d3d977b736a2c8a70059c5f7dc8e686091223a5277c2506bedd192a3ea57bac038d2aacf7f0669428f77db909b1d5c0f154a37c4bdcdc456077e3a9a3ce94
-
SSDEEP
24576:dOyHutimZ9VSly2hVvHW6qMnSbTBBhBMNw:QHPkVOBTK
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-