General
-
Target
793ca55cefe37d36f62e390740df5d61366761f5a8699dbb667b6589936f0350
-
Size
1.7MB
-
Sample
240825-qjk15swdma
-
MD5
3db9eef533ceb3f0a4308377c1bbdfde
-
SHA1
6a0b24013d984679e054d9a55d5e2aa4012449e2
-
SHA256
793ca55cefe37d36f62e390740df5d61366761f5a8699dbb667b6589936f0350
-
SHA512
9059775b0759f16e494c9159b6b45d1f0742d5da583910840a87bed4e804f83f388a77fb8a1df4df1038c0adafa98ab3a7d569dee6a713d14d56389cd73d6921
-
SSDEEP
49152:n09XJt4HIN2H2tFvduySdpevlf6zqgmnpeapeT:0ZJt4HINy2LkCv0eQvT
Malware Config
Targets
-
-
Target
793ca55cefe37d36f62e390740df5d61366761f5a8699dbb667b6589936f0350
-
Size
1.7MB
-
MD5
3db9eef533ceb3f0a4308377c1bbdfde
-
SHA1
6a0b24013d984679e054d9a55d5e2aa4012449e2
-
SHA256
793ca55cefe37d36f62e390740df5d61366761f5a8699dbb667b6589936f0350
-
SHA512
9059775b0759f16e494c9159b6b45d1f0742d5da583910840a87bed4e804f83f388a77fb8a1df4df1038c0adafa98ab3a7d569dee6a713d14d56389cd73d6921
-
SSDEEP
49152:n09XJt4HIN2H2tFvduySdpevlf6zqgmnpeapeT:0ZJt4HINy2LkCv0eQvT
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1