General
-
Target
95b8d4c53aab55130c8cf07e93e5661a55213c0c9d58cb8ccd7d64e1a55b5570.exe
-
Size
2.6MB
-
Sample
240524-kthe4sbg7v
-
MD5
72d62582ae4e3fd39497ccb6eca32985
-
SHA1
dfc45b3c9cd33a77a7c17d4959d9efa4f666cf23
-
SHA256
95b8d4c53aab55130c8cf07e93e5661a55213c0c9d58cb8ccd7d64e1a55b5570
-
SHA512
041732c951939c9edbead62e6aec27fa5cd549b4fcc0fe4869f9050959bb369c1ce16253a4b7d32a0f53dcf27731d1331e6cc4cff3464f695c1539991e267f6d
-
SSDEEP
49152:yCwsbCANnKXferL7Vwe/Gg0P+WhbLTwM6mn2V:Vws2ANnKXOaeOgmhPTwM6mn2V
Malware Config
Targets
-
-
Target
95b8d4c53aab55130c8cf07e93e5661a55213c0c9d58cb8ccd7d64e1a55b5570.exe
-
Size
2.6MB
-
MD5
72d62582ae4e3fd39497ccb6eca32985
-
SHA1
dfc45b3c9cd33a77a7c17d4959d9efa4f666cf23
-
SHA256
95b8d4c53aab55130c8cf07e93e5661a55213c0c9d58cb8ccd7d64e1a55b5570
-
SHA512
041732c951939c9edbead62e6aec27fa5cd549b4fcc0fe4869f9050959bb369c1ce16253a4b7d32a0f53dcf27731d1331e6cc4cff3464f695c1539991e267f6d
-
SSDEEP
49152:yCwsbCANnKXferL7Vwe/Gg0P+WhbLTwM6mn2V:Vws2ANnKXOaeOgmhPTwM6mn2V
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-