General
-
Target
458ea3b8afa9c55a97e66ccbfc2a6101079e2332650670cf73577021aaa9bc46
-
Size
1.7MB
-
Sample
240523-j9czwsaf5z
-
MD5
d9fb60d2c07b259f220b7c60f044609b
-
SHA1
7803fae3c9340e3c89894e8e5c8e14acc7683cd8
-
SHA256
458ea3b8afa9c55a97e66ccbfc2a6101079e2332650670cf73577021aaa9bc46
-
SHA512
16b10650fd68d55900b0f132e2bd6e3aee9ba37408371ecc0bbb596a8e234b82113cb5717651c19e11d430317282ccc176a7e90d73062b92a2683c49e6b25c0f
-
SSDEEP
49152:S09XJt4HIN2H2tFvduySt3ZPItx2apeapelI:zZJt4HINy2LkgtUvlI
Malware Config
Targets
-
-
Target
458ea3b8afa9c55a97e66ccbfc2a6101079e2332650670cf73577021aaa9bc46
-
Size
1.7MB
-
MD5
d9fb60d2c07b259f220b7c60f044609b
-
SHA1
7803fae3c9340e3c89894e8e5c8e14acc7683cd8
-
SHA256
458ea3b8afa9c55a97e66ccbfc2a6101079e2332650670cf73577021aaa9bc46
-
SHA512
16b10650fd68d55900b0f132e2bd6e3aee9ba37408371ecc0bbb596a8e234b82113cb5717651c19e11d430317282ccc176a7e90d73062b92a2683c49e6b25c0f
-
SSDEEP
49152:S09XJt4HIN2H2tFvduySt3ZPItx2apeapelI:zZJt4HINy2LkgtUvlI
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-