General
-
Target
fe15275ee5520d67f42a647129159397750c0d0a9afaedbd30e16f42b559de52
-
Size
2.7MB
-
Sample
240524-mw2b4sed36
-
MD5
5175ed48be1add22df841734d0437f80
-
SHA1
f2e00cfcb403039b5e103ae04c6816f27f7f8ac0
-
SHA256
fe15275ee5520d67f42a647129159397750c0d0a9afaedbd30e16f42b559de52
-
SHA512
82d469a2269afc93d4c9f821228647c05dbadaa7be9983c90990e623f4880798f9fef40193e6e8669e199a1a768850375d1d793e483506363423a4583e230bc6
-
SSDEEP
49152:iCwsbCANnKXferL7Vwe/Gg0P+Wh0MYdF6n:lws2ANnKXOaeOgmh0MyF6n
Malware Config
Targets
-
-
Target
fe15275ee5520d67f42a647129159397750c0d0a9afaedbd30e16f42b559de52
-
Size
2.7MB
-
MD5
5175ed48be1add22df841734d0437f80
-
SHA1
f2e00cfcb403039b5e103ae04c6816f27f7f8ac0
-
SHA256
fe15275ee5520d67f42a647129159397750c0d0a9afaedbd30e16f42b559de52
-
SHA512
82d469a2269afc93d4c9f821228647c05dbadaa7be9983c90990e623f4880798f9fef40193e6e8669e199a1a768850375d1d793e483506363423a4583e230bc6
-
SSDEEP
49152:iCwsbCANnKXferL7Vwe/Gg0P+Wh0MYdF6n:lws2ANnKXOaeOgmh0MyF6n
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-