General
-
Target
6d92d6566324a98dcdfa4e1e0ccc9de155240df987d99901229384541ec751a4
-
Size
4.9MB
-
Sample
240526-g3f2vsae77
-
MD5
8bbe76e9ba0877a1872e0cb80742e903
-
SHA1
84f0d2822b1a3810e6797e8d125aa6726fd05953
-
SHA256
6d92d6566324a98dcdfa4e1e0ccc9de155240df987d99901229384541ec751a4
-
SHA512
47a922f7274ccb315154df185f2de29111173c31b2d71baa550fecbbf19e146cea8030770af181ecbd4bd238cede43009d0e9cecc73a083d8a8da08df57bdf43
-
SSDEEP
49152:HQZAdVyVT9n/Gg0P+WhoIDmn2JbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHCr:wGdVyVT9nOgmhLDmn2JbXsPN5kiQaZ56
Malware Config
Targets
-
-
Target
6d92d6566324a98dcdfa4e1e0ccc9de155240df987d99901229384541ec751a4
-
Size
4.9MB
-
MD5
8bbe76e9ba0877a1872e0cb80742e903
-
SHA1
84f0d2822b1a3810e6797e8d125aa6726fd05953
-
SHA256
6d92d6566324a98dcdfa4e1e0ccc9de155240df987d99901229384541ec751a4
-
SHA512
47a922f7274ccb315154df185f2de29111173c31b2d71baa550fecbbf19e146cea8030770af181ecbd4bd238cede43009d0e9cecc73a083d8a8da08df57bdf43
-
SSDEEP
49152:HQZAdVyVT9n/Gg0P+WhoIDmn2JbXsPNIULkmp1/j6AeXZG7wmpvGF1IP9z5WuHCr:wGdVyVT9nOgmhLDmn2JbXsPN5kiQaZ56
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-