General
-
Target
5f4a714636aca868a66931236426e27d8a2de5c3c3999662bbab199b59392c5d
-
Size
4.0MB
-
Sample
240625-2ftpnaxfld
-
MD5
9a8fca6f0e78320be42e9024675ba224
-
SHA1
4323ef37206e9adec1b9e1282469359d2d1a6581
-
SHA256
5f4a714636aca868a66931236426e27d8a2de5c3c3999662bbab199b59392c5d
-
SHA512
9ab9671c2ab9d178d766a5dd46f1be2ddde6f620e1c5b147d479cabf2b5d3ed16b4a03aa6cfd9996bbc19e0ce6a136f07b17cb0ad3321db4a9b5169d05408676
-
SSDEEP
98304:cws2ANnKXOaeOgmhr3tHO1x2sxl+EPJ4l34ptv1a:KKXbeO7Fdu1xZH+EsUvs
Malware Config
Targets
-
-
Target
5f4a714636aca868a66931236426e27d8a2de5c3c3999662bbab199b59392c5d
-
Size
4.0MB
-
MD5
9a8fca6f0e78320be42e9024675ba224
-
SHA1
4323ef37206e9adec1b9e1282469359d2d1a6581
-
SHA256
5f4a714636aca868a66931236426e27d8a2de5c3c3999662bbab199b59392c5d
-
SHA512
9ab9671c2ab9d178d766a5dd46f1be2ddde6f620e1c5b147d479cabf2b5d3ed16b4a03aa6cfd9996bbc19e0ce6a136f07b17cb0ad3321db4a9b5169d05408676
-
SSDEEP
98304:cws2ANnKXOaeOgmhr3tHO1x2sxl+EPJ4l34ptv1a:KKXbeO7Fdu1xZH+EsUvs
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-