General
-
Target
197285ba53d4aa4802507cc016b1a5d19739e8074e72588691b599b5672a1e98
-
Size
1.7MB
-
Sample
240821-shnrrayekl
-
MD5
18a51df75cd95d77fbda1aeb5cb17438
-
SHA1
7da4e690bd553d1e774bdd4963656c3f52a57d0c
-
SHA256
197285ba53d4aa4802507cc016b1a5d19739e8074e72588691b599b5672a1e98
-
SHA512
27bbffaa73c64c80cf263f504314d2959ffb3393e4aa80b6298ec46037f4a9d4c20294a404d52e01f87d78188160fea6ad405b13b93c533351cf644a51002778
-
SSDEEP
24576:XJlclt5yn4GfqNMrTbxYrX3D3UvCVV7rWHEyikJwKHI7D30VCQuVqGmC6ctJhbKz:ZC5+JrrToD3WCn7IEBkJ3HR9uvT6Ydq
Malware Config
Targets
-
-
Target
197285ba53d4aa4802507cc016b1a5d19739e8074e72588691b599b5672a1e98
-
Size
1.7MB
-
MD5
18a51df75cd95d77fbda1aeb5cb17438
-
SHA1
7da4e690bd553d1e774bdd4963656c3f52a57d0c
-
SHA256
197285ba53d4aa4802507cc016b1a5d19739e8074e72588691b599b5672a1e98
-
SHA512
27bbffaa73c64c80cf263f504314d2959ffb3393e4aa80b6298ec46037f4a9d4c20294a404d52e01f87d78188160fea6ad405b13b93c533351cf644a51002778
-
SSDEEP
24576:XJlclt5yn4GfqNMrTbxYrX3D3UvCVV7rWHEyikJwKHI7D30VCQuVqGmC6ctJhbKz:ZC5+JrrToD3WCn7IEBkJ3HR9uvT6Ydq
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1