General
-
Target
dfefe53dd6751ebb9b207f43cea8a2d6520f22f66edd171dc83a03ec8e8ca46a
-
Size
2.6MB
-
Sample
240524-bv9fjsge66
-
MD5
d88d8b6b592a17e97ae13fd3f03de064
-
SHA1
b8b1fd7baf6823fce0096a259fb06b9df190572b
-
SHA256
dfefe53dd6751ebb9b207f43cea8a2d6520f22f66edd171dc83a03ec8e8ca46a
-
SHA512
7ac5cf32b3f3bf654451cddbf2cfe01fa9f0c600abcdd9891aefc4316f5f00f687a811046f9b46c57464c3a1566af1f387b24b52c41969ef9f00605e9c20d8ac
-
SSDEEP
49152:HxTc2H2tFvduySyk6fUjuUGD0690O7XnrFgind0M9aQFoF:Ncy2LkD6fUXfWrFBd0M9aQFoF
Malware Config
Targets
-
-
Target
dfefe53dd6751ebb9b207f43cea8a2d6520f22f66edd171dc83a03ec8e8ca46a
-
Size
2.6MB
-
MD5
d88d8b6b592a17e97ae13fd3f03de064
-
SHA1
b8b1fd7baf6823fce0096a259fb06b9df190572b
-
SHA256
dfefe53dd6751ebb9b207f43cea8a2d6520f22f66edd171dc83a03ec8e8ca46a
-
SHA512
7ac5cf32b3f3bf654451cddbf2cfe01fa9f0c600abcdd9891aefc4316f5f00f687a811046f9b46c57464c3a1566af1f387b24b52c41969ef9f00605e9c20d8ac
-
SSDEEP
49152:HxTc2H2tFvduySyk6fUjuUGD0690O7XnrFgind0M9aQFoF:Ncy2LkD6fUXfWrFBd0M9aQFoF
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-