General
-
Target
045e0a542ba96c75b593a35c9bd747a3197aec75764f8f34e6fba9a51fefc7f1
-
Size
3.3MB
-
Sample
240525-x4tbksfg35
-
MD5
c0e1eac3790db65a50780d3dfce303ed
-
SHA1
9c8f6333e2a6cd6a58592e5840b795319899e2cd
-
SHA256
045e0a542ba96c75b593a35c9bd747a3197aec75764f8f34e6fba9a51fefc7f1
-
SHA512
51248adcbf891efee37b8191feb4cb1b0efb9d4fe283573f222c72723ea9de6d9c514d14cf3e0614cb681748327a6bae6feeb7c80d8d2cbc30863cc31cd02781
-
SSDEEP
49152:T09XJt4HIN2H2tFvduySXe4ldYWE6rKhTeQyKp:gZJt4HINy2LkO4ldYWYEu
Malware Config
Targets
-
-
Target
045e0a542ba96c75b593a35c9bd747a3197aec75764f8f34e6fba9a51fefc7f1
-
Size
3.3MB
-
MD5
c0e1eac3790db65a50780d3dfce303ed
-
SHA1
9c8f6333e2a6cd6a58592e5840b795319899e2cd
-
SHA256
045e0a542ba96c75b593a35c9bd747a3197aec75764f8f34e6fba9a51fefc7f1
-
SHA512
51248adcbf891efee37b8191feb4cb1b0efb9d4fe283573f222c72723ea9de6d9c514d14cf3e0614cb681748327a6bae6feeb7c80d8d2cbc30863cc31cd02781
-
SSDEEP
49152:T09XJt4HIN2H2tFvduySXe4ldYWE6rKhTeQyKp:gZJt4HINy2LkO4ldYWYEu
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-