General
-
Target
5050790a5de5238740494f788f086f53132c98dc4efd539a2eb7668bd43376db
-
Size
2.3MB
-
Sample
240525-wbwesscg36
-
MD5
232aa6a6aaba5a6c0177a608f5feb2a4
-
SHA1
730689a1fba1d9a7a4568e6ee8c1b0f78e05310d
-
SHA256
5050790a5de5238740494f788f086f53132c98dc4efd539a2eb7668bd43376db
-
SHA512
3ba99df31406f66e37fab5f15f7466ebbeb9f7b0b628511e8818ac507de687ffff11b670f9e89c0847430a725004ea822f550cd5437c69ef3894c3e32a94e28d
-
SSDEEP
24576:yCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHm:yCwsbCANnKXferL7Vwe/Gg0P+Whp
Malware Config
Targets
-
-
Target
5050790a5de5238740494f788f086f53132c98dc4efd539a2eb7668bd43376db
-
Size
2.3MB
-
MD5
232aa6a6aaba5a6c0177a608f5feb2a4
-
SHA1
730689a1fba1d9a7a4568e6ee8c1b0f78e05310d
-
SHA256
5050790a5de5238740494f788f086f53132c98dc4efd539a2eb7668bd43376db
-
SHA512
3ba99df31406f66e37fab5f15f7466ebbeb9f7b0b628511e8818ac507de687ffff11b670f9e89c0847430a725004ea822f550cd5437c69ef3894c3e32a94e28d
-
SSDEEP
24576:yCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHm:yCwsbCANnKXferL7Vwe/Gg0P+Whp
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-