General
-
Target
7e3a765d6b4434f4077cacfa7afff18992540c26dc37ce1aeb741b9483a7814d
-
Size
2.9MB
-
Sample
240625-zqvctsseqh
-
MD5
553bcb27787160d415e59c234e449c8c
-
SHA1
f02498fcd5bb17f768eff9f4afe9ee3f386d688c
-
SHA256
7e3a765d6b4434f4077cacfa7afff18992540c26dc37ce1aeb741b9483a7814d
-
SHA512
f3901ae9a5f3511cff4923e2a3065da95e9eb0e13d406ad2bf4e846eb34b1d661f8cfb251d75f51d225d1f6b0dddcee8dad6017f5cabc0a0ecdfcbe6a8fe4b6d
-
SSDEEP
49152:rCwsbCANnKXferL7Vwe/Gg0P+Whl24F0DtaLq:uws2ANnKXOaeOgmhl10DtaLq
Malware Config
Targets
-
-
Target
7e3a765d6b4434f4077cacfa7afff18992540c26dc37ce1aeb741b9483a7814d
-
Size
2.9MB
-
MD5
553bcb27787160d415e59c234e449c8c
-
SHA1
f02498fcd5bb17f768eff9f4afe9ee3f386d688c
-
SHA256
7e3a765d6b4434f4077cacfa7afff18992540c26dc37ce1aeb741b9483a7814d
-
SHA512
f3901ae9a5f3511cff4923e2a3065da95e9eb0e13d406ad2bf4e846eb34b1d661f8cfb251d75f51d225d1f6b0dddcee8dad6017f5cabc0a0ecdfcbe6a8fe4b6d
-
SSDEEP
49152:rCwsbCANnKXferL7Vwe/Gg0P+Whl24F0DtaLq:uws2ANnKXOaeOgmhl10DtaLq
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-