General
-
Target
2099e8562f6753f960368b19a1e6859aa854a9150f9de467f09969e02d9864c0
-
Size
3.6MB
-
Sample
240711-qbrhysxdrk
-
MD5
b82d2b16d0ac034ffd9b09228e5d79c0
-
SHA1
674354ea491d2041a282f3366fd2fb137bab3478
-
SHA256
2099e8562f6753f960368b19a1e6859aa854a9150f9de467f09969e02d9864c0
-
SHA512
114bc560c19c649dbcb0ab277a0bedbf82034a0e981dca4c1796cff0c5d3501b400ac58a2d8d20f7c216c92fe5ddad0c92e98c66d2a503b7518a1673e4482fbf
-
SSDEEP
49152:gjwsbCANnKXferL7Vwe/Gg0P+Wh2wypdjKr6mvhSX4Cr0pF09EyXE:uws2ANnKXOaeOgmhsdPr0pF0TU
Malware Config
Targets
-
-
Target
2099e8562f6753f960368b19a1e6859aa854a9150f9de467f09969e02d9864c0
-
Size
3.6MB
-
MD5
b82d2b16d0ac034ffd9b09228e5d79c0
-
SHA1
674354ea491d2041a282f3366fd2fb137bab3478
-
SHA256
2099e8562f6753f960368b19a1e6859aa854a9150f9de467f09969e02d9864c0
-
SHA512
114bc560c19c649dbcb0ab277a0bedbf82034a0e981dca4c1796cff0c5d3501b400ac58a2d8d20f7c216c92fe5ddad0c92e98c66d2a503b7518a1673e4482fbf
-
SSDEEP
49152:gjwsbCANnKXferL7Vwe/Gg0P+Wh2wypdjKr6mvhSX4Cr0pF09EyXE:uws2ANnKXOaeOgmhsdPr0pF0TU
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-