General
-
Target
157c3b0c1d4984a44648962c8114ef5ad0bc2663229e931b4b007ae4c1bc1484
-
Size
2.3MB
-
Sample
240524-cla23ahe9x
-
MD5
e93a5c33723b782b0048dd736b3feb5e
-
SHA1
f6a24aa619da2142c73ea347783e397af359fac2
-
SHA256
157c3b0c1d4984a44648962c8114ef5ad0bc2663229e931b4b007ae4c1bc1484
-
SHA512
2222527032d5addfb45f07145a6d3e1b31b9d48c400a1eb08400d300961f527633ee248182c5367d0ea47ec344902753d1a5c3a61f1ed734daa6b4b98abc2be7
-
SSDEEP
24576:eCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH1:eCwsbCANnKXferL7Vwe/Gg0P+Wh3+
Malware Config
Targets
-
-
Target
157c3b0c1d4984a44648962c8114ef5ad0bc2663229e931b4b007ae4c1bc1484
-
Size
2.3MB
-
MD5
e93a5c33723b782b0048dd736b3feb5e
-
SHA1
f6a24aa619da2142c73ea347783e397af359fac2
-
SHA256
157c3b0c1d4984a44648962c8114ef5ad0bc2663229e931b4b007ae4c1bc1484
-
SHA512
2222527032d5addfb45f07145a6d3e1b31b9d48c400a1eb08400d300961f527633ee248182c5367d0ea47ec344902753d1a5c3a61f1ed734daa6b4b98abc2be7
-
SSDEEP
24576:eCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH1:eCwsbCANnKXferL7Vwe/Gg0P+Wh3+
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-