General
-
Target
337765a6a7e25aa42c094e0432729e2eaf2a1c39c1fc3f6cb2887c87fd5e6943
-
Size
2.4MB
-
Sample
240525-xd1b7sea6t
-
MD5
b82c14ef8c11b898eb4c1ebd9527a1b0
-
SHA1
96752643011cc5f28c711d990a74bc5dc72c88a8
-
SHA256
337765a6a7e25aa42c094e0432729e2eaf2a1c39c1fc3f6cb2887c87fd5e6943
-
SHA512
03a206f20851060116a734effd2051785b232d7f8b302a8d9335aa568b5b4eff23fb11d9a490ce314bceb76db7c3fee2df99d579a9ab16447c9e08154c0133cc
-
SSDEEP
24576:9CwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHr:9CwsbCANnKXferL7Vwe/Gg0P+WhOia
Malware Config
Targets
-
-
Target
337765a6a7e25aa42c094e0432729e2eaf2a1c39c1fc3f6cb2887c87fd5e6943
-
Size
2.4MB
-
MD5
b82c14ef8c11b898eb4c1ebd9527a1b0
-
SHA1
96752643011cc5f28c711d990a74bc5dc72c88a8
-
SHA256
337765a6a7e25aa42c094e0432729e2eaf2a1c39c1fc3f6cb2887c87fd5e6943
-
SHA512
03a206f20851060116a734effd2051785b232d7f8b302a8d9335aa568b5b4eff23fb11d9a490ce314bceb76db7c3fee2df99d579a9ab16447c9e08154c0133cc
-
SSDEEP
24576:9CwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHr:9CwsbCANnKXferL7Vwe/Gg0P+WhOia
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-