General
-
Target
7617256fd1902c5cc524ce3d4683b4b86ef5b68eb548cad61efd85a1ddf8b338
-
Size
2.3MB
-
Sample
240526-maek8afe38
-
MD5
1942fd98387734dfde0557d1a227fc7b
-
SHA1
91bc0820868bd4d7f4e66e48456bbfaba924d530
-
SHA256
7617256fd1902c5cc524ce3d4683b4b86ef5b68eb548cad61efd85a1ddf8b338
-
SHA512
cc17cdba72bc1ab688a752e3ef24c4a7cf0b9a1cd814fc18ad946450ac85b9355399a7f3c9ac782eae78babbf9fe57ebeec83f63683c503cb060e913ee9356f2
-
SSDEEP
49152:r09XJt4HIN2H2tFvduySSd0YZPItx2apeapelI:YZJt4HINy2LkSd+tUvlI
Malware Config
Targets
-
-
Target
7617256fd1902c5cc524ce3d4683b4b86ef5b68eb548cad61efd85a1ddf8b338
-
Size
2.3MB
-
MD5
1942fd98387734dfde0557d1a227fc7b
-
SHA1
91bc0820868bd4d7f4e66e48456bbfaba924d530
-
SHA256
7617256fd1902c5cc524ce3d4683b4b86ef5b68eb548cad61efd85a1ddf8b338
-
SHA512
cc17cdba72bc1ab688a752e3ef24c4a7cf0b9a1cd814fc18ad946450ac85b9355399a7f3c9ac782eae78babbf9fe57ebeec83f63683c503cb060e913ee9356f2
-
SSDEEP
49152:r09XJt4HIN2H2tFvduySSd0YZPItx2apeapelI:YZJt4HINy2LkSd+tUvlI
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-