General
-
Target
cfd2e8c0699e734c6a8da85f3cbe9dd24efbe32376c841ac9c4ec973b66e2306
-
Size
2.7MB
-
Sample
240422-176mvsha85
-
MD5
20ea287dda7dd960d6a3b6e3f6e8ec1e
-
SHA1
7ad2dcfd6e2ec8b538c9a63d6e36bb9a02f75a8a
-
SHA256
cfd2e8c0699e734c6a8da85f3cbe9dd24efbe32376c841ac9c4ec973b66e2306
-
SHA512
c97d31e31e2f0683bc22bd5088460e846730463e588506811acb86ba5dacd394356f50e9b9f8ebdbc80016b0ff9f4ecdf99947b058cdf7a1a09db19c31dc46af
-
SSDEEP
49152:FCwsbCANnKXferL7Vwe/Gg0P+WhqS+McuG:Yws2ANnKXOaeOgmhqS+M3G
Malware Config
Targets
-
-
Target
cfd2e8c0699e734c6a8da85f3cbe9dd24efbe32376c841ac9c4ec973b66e2306
-
Size
2.7MB
-
MD5
20ea287dda7dd960d6a3b6e3f6e8ec1e
-
SHA1
7ad2dcfd6e2ec8b538c9a63d6e36bb9a02f75a8a
-
SHA256
cfd2e8c0699e734c6a8da85f3cbe9dd24efbe32376c841ac9c4ec973b66e2306
-
SHA512
c97d31e31e2f0683bc22bd5088460e846730463e588506811acb86ba5dacd394356f50e9b9f8ebdbc80016b0ff9f4ecdf99947b058cdf7a1a09db19c31dc46af
-
SSDEEP
49152:FCwsbCANnKXferL7Vwe/Gg0P+WhqS+McuG:Yws2ANnKXOaeOgmhqS+M3G
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-