General
-
Target
101840928ea7d07b29707954329cf779db9b335ea40a3277acbe7d48b3c46d6a
-
Size
2.3MB
-
Sample
240821-gwdyxstbje
-
MD5
e2a6fb125beb604340e2d9109320cf51
-
SHA1
406ff15e666b4984338989f8138dedb2ef32eecc
-
SHA256
101840928ea7d07b29707954329cf779db9b335ea40a3277acbe7d48b3c46d6a
-
SHA512
14dcb8901699ecaf4b5b3e4121c6e3ff73c2c38d6a2f87d658530631e1197f3e75bd1bcb39314512dfc0c308807b9e921bf3a943ed4aad53abed8067859205ee
-
SSDEEP
24576:eCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHt:eCwsbCANnKXferL7Vwe/Gg0P+Whw2e
Malware Config
Targets
-
-
Target
101840928ea7d07b29707954329cf779db9b335ea40a3277acbe7d48b3c46d6a
-
Size
2.3MB
-
MD5
e2a6fb125beb604340e2d9109320cf51
-
SHA1
406ff15e666b4984338989f8138dedb2ef32eecc
-
SHA256
101840928ea7d07b29707954329cf779db9b335ea40a3277acbe7d48b3c46d6a
-
SHA512
14dcb8901699ecaf4b5b3e4121c6e3ff73c2c38d6a2f87d658530631e1197f3e75bd1bcb39314512dfc0c308807b9e921bf3a943ed4aad53abed8067859205ee
-
SSDEEP
24576:eCwsbKgbQ5NANIvGTYwMHXA+wT1kfTw4SIuvB74fgt7ibhRM5QhKehFdMtRj7nHt:eCwsbCANnKXferL7Vwe/Gg0P+Whw2e
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Server Software Component: Terminal Services DLL
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1