General
-
Target
4117196738b2803dee763b2c7f554273f893b034d4e362306149b5378d521c3d
-
Size
2.1MB
-
Sample
240626-cljn7sycrb
-
MD5
59a8e63b155f010c9a69eb4ae8058bde
-
SHA1
6661001f269ed457d639bc848865f9f22eb71269
-
SHA256
4117196738b2803dee763b2c7f554273f893b034d4e362306149b5378d521c3d
-
SHA512
6004e0de3815a26e3475f4e9915974815e532b885a6bc052cffb44b0650ed1b2700791324e6ba5a404e7185c87dec3f91d8161581996284d6669ee7d41e6eed7
-
SSDEEP
49152:ZQZAdVyVT9n/Gg0P+Whoa7hMF8HJGttFEjA6ECxcQQGO+:KGdVyVT9nOgmhAu0EjIjvGv
Malware Config
Targets
-
-
Target
4117196738b2803dee763b2c7f554273f893b034d4e362306149b5378d521c3d
-
Size
2.1MB
-
MD5
59a8e63b155f010c9a69eb4ae8058bde
-
SHA1
6661001f269ed457d639bc848865f9f22eb71269
-
SHA256
4117196738b2803dee763b2c7f554273f893b034d4e362306149b5378d521c3d
-
SHA512
6004e0de3815a26e3475f4e9915974815e532b885a6bc052cffb44b0650ed1b2700791324e6ba5a404e7185c87dec3f91d8161581996284d6669ee7d41e6eed7
-
SSDEEP
49152:ZQZAdVyVT9n/Gg0P+Whoa7hMF8HJGttFEjA6ECxcQQGO+:KGdVyVT9nOgmhAu0EjIjvGv
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Fatal Rat payload
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-