General
-
Target
3f2c2e5680e9135f9e90eb740c060f460c745101ffd3e20b62ee1369f9c85b60
-
Size
1.2MB
-
Sample
240419-cqfs4sfb2t
-
MD5
f25479af64d510a32d5605aed692cd83
-
SHA1
2903c6df6d67c6b225dbd8f3d36407d21c7facb1
-
SHA256
3f2c2e5680e9135f9e90eb740c060f460c745101ffd3e20b62ee1369f9c85b60
-
SHA512
2a8d842320ffbe1c09cbc28b3abeece42c4180621c51b999c29fb2e292553cc55ac333585676d14cd6be3b2f6d517e8aefd5a978c843eb2f2f596c547af93c97
-
SSDEEP
24576:o09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+MwpeGI4HA/:o09XJt4HIN2H2tFvduySdpe/
Malware Config
Targets
-
-
Target
3f2c2e5680e9135f9e90eb740c060f460c745101ffd3e20b62ee1369f9c85b60
-
Size
1.2MB
-
MD5
f25479af64d510a32d5605aed692cd83
-
SHA1
2903c6df6d67c6b225dbd8f3d36407d21c7facb1
-
SHA256
3f2c2e5680e9135f9e90eb740c060f460c745101ffd3e20b62ee1369f9c85b60
-
SHA512
2a8d842320ffbe1c09cbc28b3abeece42c4180621c51b999c29fb2e292553cc55ac333585676d14cd6be3b2f6d517e8aefd5a978c843eb2f2f596c547af93c97
-
SSDEEP
24576:o09tv9/7JtDElDEExIko2H2HESq2eWJ6MQjySjy+MwpeGI4HA/:o09XJt4HIN2H2tFvduySdpe/
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-