General
-
Target
7e93f915f666e9e3a9410a04255f91a6ed13df611b5768dc7dd8eedcf60d4e7e
-
Size
2.6MB
-
Sample
240515-nfyrqafa86
-
MD5
491dbf99d152359b6212b0de2e4a5a69
-
SHA1
70b81df673fd98765ce9023ca3791a6ebdbb0c8c
-
SHA256
7e93f915f666e9e3a9410a04255f91a6ed13df611b5768dc7dd8eedcf60d4e7e
-
SHA512
8f6fbe1a2535ff9c801772e846c42b4d2923a43767e27ddff09ba3d2d7396ec9fc26a2e7cba39716a6d37fc5ebe91a05f21634b6d5e29d5bd1a82341821697ba
-
SSDEEP
49152:yCwsbCANnKXferL7Vwe/Gg0P+WhbLTwM6mn2:Vws2ANnKXOaeOgmhPTwM6mn2
Malware Config
Targets
-
-
Target
7e93f915f666e9e3a9410a04255f91a6ed13df611b5768dc7dd8eedcf60d4e7e
-
Size
2.6MB
-
MD5
491dbf99d152359b6212b0de2e4a5a69
-
SHA1
70b81df673fd98765ce9023ca3791a6ebdbb0c8c
-
SHA256
7e93f915f666e9e3a9410a04255f91a6ed13df611b5768dc7dd8eedcf60d4e7e
-
SHA512
8f6fbe1a2535ff9c801772e846c42b4d2923a43767e27ddff09ba3d2d7396ec9fc26a2e7cba39716a6d37fc5ebe91a05f21634b6d5e29d5bd1a82341821697ba
-
SSDEEP
49152:yCwsbCANnKXferL7Vwe/Gg0P+WhbLTwM6mn2:Vws2ANnKXOaeOgmhPTwM6mn2
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-