General
-
Target
c22e4d31368b187ef91e5d57d38d841bda435df6ef26d82c422ff78be6bf04ce
-
Size
2.8MB
-
Sample
240625-rs973aybjp
-
MD5
9f8b254d6c3df759013d187394b9ceaf
-
SHA1
63827b59763e23cf4044e1cc7723067aeecab9cf
-
SHA256
c22e4d31368b187ef91e5d57d38d841bda435df6ef26d82c422ff78be6bf04ce
-
SHA512
65d0686e92ef0f44219bad929ae69c934b7111e42c5509532e6bd45d526c6fd5f205a004837d25ff9b3b45eb9c760285ec5a27bdeff37e72c67f39520b1a0660
-
SSDEEP
24576:aCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH5:aCwsbCANnKXferL7Vwe/Gg0P+WhsR7R
Malware Config
Targets
-
-
Target
c22e4d31368b187ef91e5d57d38d841bda435df6ef26d82c422ff78be6bf04ce
-
Size
2.8MB
-
MD5
9f8b254d6c3df759013d187394b9ceaf
-
SHA1
63827b59763e23cf4044e1cc7723067aeecab9cf
-
SHA256
c22e4d31368b187ef91e5d57d38d841bda435df6ef26d82c422ff78be6bf04ce
-
SHA512
65d0686e92ef0f44219bad929ae69c934b7111e42c5509532e6bd45d526c6fd5f205a004837d25ff9b3b45eb9c760285ec5a27bdeff37e72c67f39520b1a0660
-
SSDEEP
24576:aCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nH5:aCwsbCANnKXferL7Vwe/Gg0P+WhsR7R
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-