General
-
Target
eab2759e8f14542b9fbb2e62baf3989a7e817fa2b9eb5f68ecccbb3e75308206
-
Size
4.6MB
-
Sample
240625-ydmlsayeld
-
MD5
77d4f0339498bcb4825faf2ccd9d3891
-
SHA1
49efa5451f7ffeeb5188483779776170fe72da30
-
SHA256
eab2759e8f14542b9fbb2e62baf3989a7e817fa2b9eb5f68ecccbb3e75308206
-
SHA512
7be1fdbc8cc07718a6d6a556c940d8c9818cc03e270dd5b868e00d693fc7b5ea214827bf0cef2fef46d3d4a92a737e8e123d344f6d00a4ced72db4afccd7a545
-
SSDEEP
98304:Uws2ANnKXOaeOgmhnibDmn2lYqEGLzXRYCedD2O:CKXbeO7hi/mn8Lzh7e5
Malware Config
Targets
-
-
Target
eab2759e8f14542b9fbb2e62baf3989a7e817fa2b9eb5f68ecccbb3e75308206
-
Size
4.6MB
-
MD5
77d4f0339498bcb4825faf2ccd9d3891
-
SHA1
49efa5451f7ffeeb5188483779776170fe72da30
-
SHA256
eab2759e8f14542b9fbb2e62baf3989a7e817fa2b9eb5f68ecccbb3e75308206
-
SHA512
7be1fdbc8cc07718a6d6a556c940d8c9818cc03e270dd5b868e00d693fc7b5ea214827bf0cef2fef46d3d4a92a737e8e123d344f6d00a4ced72db4afccd7a545
-
SSDEEP
98304:Uws2ANnKXOaeOgmhnibDmn2lYqEGLzXRYCedD2O:CKXbeO7hi/mn8Lzh7e5
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-