Resubmissions
23-05-2024 18:26
240523-w3nh9sbg96 10General
-
Target
d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
-
Size
7.2MB
-
Sample
240523-w3nh9sbg96
-
MD5
880814a8c2304729007fa0a008587dc5
-
SHA1
1adc9fc4d58e6271f1db89187e3918bd36147887
-
SHA256
d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
-
SHA512
500dfa0d04dee632f0f6733f244e52126c5ff671c459d9705cb9507acbdaa262fbc474d72dc6459d0ce254662e8c2ca7d7afb68ca60a938a1352a9e2252e158e
-
SSDEEP
98304:9ws2ANnKXOaeOgmhM3nsmtk2aTigPzUYm9uALfprsQunQf7UORs:nKXbeO7QLKsuAdty
Malware Config
Targets
-
-
Target
d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
-
Size
7.2MB
-
MD5
880814a8c2304729007fa0a008587dc5
-
SHA1
1adc9fc4d58e6271f1db89187e3918bd36147887
-
SHA256
d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
-
SHA512
500dfa0d04dee632f0f6733f244e52126c5ff671c459d9705cb9507acbdaa262fbc474d72dc6459d0ce254662e8c2ca7d7afb68ca60a938a1352a9e2252e158e
-
SSDEEP
98304:9ws2ANnKXOaeOgmhM3nsmtk2aTigPzUYm9uALfprsQunQf7UORs:nKXbeO7QLKsuAdty
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-