General
-
Target
8330f862d22038099fde5faf8237b62db97a2c4c8c34fb7bf10179d3d56e8f32
-
Size
1.6MB
-
Sample
240429-ncmkaahf4v
-
MD5
977835f800411f890e27df62a3007aa0
-
SHA1
f36c6f5f2710b1b9768e2c4cbbca436128a32069
-
SHA256
8330f862d22038099fde5faf8237b62db97a2c4c8c34fb7bf10179d3d56e8f32
-
SHA512
0c3b80efb020b548d3ee48cdac5892df25840c3542429c140366abe08f9e2036ce0c80caa01f6e1995451cce4d0647cc011f187519c9b0b86d58032807b98354
-
SSDEEP
24576:NYAyyzawhZvk90l7RNbBOUHJYTUgESji6ywZFa6tIbJNS7q+SnqTlsKBxgCrl:NBuwhlyJuYTUgEYifwNW9Y2DKNB3
Malware Config
Targets
-
-
Target
8330f862d22038099fde5faf8237b62db97a2c4c8c34fb7bf10179d3d56e8f32
-
Size
1.6MB
-
MD5
977835f800411f890e27df62a3007aa0
-
SHA1
f36c6f5f2710b1b9768e2c4cbbca436128a32069
-
SHA256
8330f862d22038099fde5faf8237b62db97a2c4c8c34fb7bf10179d3d56e8f32
-
SHA512
0c3b80efb020b548d3ee48cdac5892df25840c3542429c140366abe08f9e2036ce0c80caa01f6e1995451cce4d0647cc011f187519c9b0b86d58032807b98354
-
SSDEEP
24576:NYAyyzawhZvk90l7RNbBOUHJYTUgESji6ywZFa6tIbJNS7q+SnqTlsKBxgCrl:NBuwhlyJuYTUgEYifwNW9Y2DKNB3
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-