General

  • Target

    2276-7-0x0000000000400000-0x000000000233B000-memory.dmp

  • Size

    31.2MB

  • MD5

    7a9949698794f03cd2b3361b8325af59

  • SHA1

    a704348510472392e565a722c3d52996d60df8dd

  • SHA256

    94ccd38497eb752e75e752208e94b81adfc6504203ab47bf2e9f51e880161398

  • SHA512

    bc8db923203288267b4cbc351d2d3aa043cb7d6d295ce94d14a37b9b85632cef67fd86aecde89bc871b6779a29e7c8c4fdec54ce6b2c458f8979274f92b6f7fb

  • SSDEEP

    196608:m0j2VCjP3Gx0GaN+hn0u50iIoysG+Xcni0iYvr00E5GqJd5igOcSWUOMzn0O1koV:6mGxrz0utIoLv520IiBOcSWUOMr0Klz

Malware Config

Extracted

Family

gh0strat

C2

hfs666.top

Signatures

  • Detect PurpleFox Rootkit (1 IoC)

    Detect PurpleFox Rootkit.

  • Gh0st RAT payload (1 IoC)
  • Gh0strat family
  • Purplefox family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2276-7-0x0000000000400000-0x000000000233B000-memory.dmp
    .exe windows:4 windows x86 arch:x86

