General
-
Target
8dd1de71d1ce4eb07ac058eafcb040fd30d349c515ad0b9d0d7d49760a83339b
-
Size
374KB
-
Sample
240517-k9jm4sbe95
-
MD5
1edcf2c5455feeebfaaa9469bc98a8be
-
SHA1
09f9bf59e85bea29c629d9efbeb05ac4bf5b0f1b
-
SHA256
8dd1de71d1ce4eb07ac058eafcb040fd30d349c515ad0b9d0d7d49760a83339b
-
SHA512
384041b8f4943f1c651611304f84216b68d8ff9800512446dc35552d23557a46b176e436a26e35156b05038ae2f7dca5d175a9d19dc4d4e453f526e576436cbd
-
SSDEEP
6144:NjO+L1Czkq7KTW1Dl/saQ9rtYm3okqoBSpH50KcddsVRZdaiYviQJqOC5WpQwmB:ZMzpOTY+JzYmE7R55udm7U5JTswe
Malware Config
Targets
-
-
Target
8dd1de71d1ce4eb07ac058eafcb040fd30d349c515ad0b9d0d7d49760a83339b
-
Size
374KB
-
MD5
1edcf2c5455feeebfaaa9469bc98a8be
-
SHA1
09f9bf59e85bea29c629d9efbeb05ac4bf5b0f1b
-
SHA256
8dd1de71d1ce4eb07ac058eafcb040fd30d349c515ad0b9d0d7d49760a83339b
-
SHA512
384041b8f4943f1c651611304f84216b68d8ff9800512446dc35552d23557a46b176e436a26e35156b05038ae2f7dca5d175a9d19dc4d4e453f526e576436cbd
-
SSDEEP
6144:NjO+L1Czkq7KTW1Dl/saQ9rtYm3okqoBSpH50KcddsVRZdaiYviQJqOC5WpQwmB:ZMzpOTY+JzYmE7R55udm7U5JTswe
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-