General
-
Target
2d9b57cb8b78aba7bf830f7b5ded7d4fe80eb8034cbbddb972a04ec1de168aae
-
Size
9.5MB
-
Sample
240525-x4dacsfc7z
-
MD5
d28366b555ff3c93cfe3f2224131fbe7
-
SHA1
042e818ea75b1d8e57acb9379a753a9192fb1bfc
-
SHA256
2d9b57cb8b78aba7bf830f7b5ded7d4fe80eb8034cbbddb972a04ec1de168aae
-
SHA512
064d920da28b848c55e55ff90ac7fcdf33098b258f74d81f6425300cb39c0a70632cf65c515cacf9099c30649e93b2307a75c629b406f95858e39cdbce483433
-
SSDEEP
98304:Tws2ANnKXOaeOgmhGDmn2onw8tydtdUeitbTUOhnxidIVAP:1KXbeO7Imn/37VTb/g
Malware Config
Targets
-
-
Target
2d9b57cb8b78aba7bf830f7b5ded7d4fe80eb8034cbbddb972a04ec1de168aae
-
Size
9.5MB
-
MD5
d28366b555ff3c93cfe3f2224131fbe7
-
SHA1
042e818ea75b1d8e57acb9379a753a9192fb1bfc
-
SHA256
2d9b57cb8b78aba7bf830f7b5ded7d4fe80eb8034cbbddb972a04ec1de168aae
-
SHA512
064d920da28b848c55e55ff90ac7fcdf33098b258f74d81f6425300cb39c0a70632cf65c515cacf9099c30649e93b2307a75c629b406f95858e39cdbce483433
-
SSDEEP
98304:Tws2ANnKXOaeOgmhGDmn2onw8tydtdUeitbTUOhnxidIVAP:1KXbeO7Imn/37VTb/g
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-